CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4172
https://notcve.org/view.php?id=CVE-2007-4172
07 Aug 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c... • http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2006-3233
https://notcve.org/view.php?id=CVE-2006-3233
27 Jun 2006 — Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en openwebm... • http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236%3Brev2=237 •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2006-3229
https://notcve.org/view.php?id=CVE-2006-3229
27 Jun 2006 — Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Open WebMail (OWM) v2.52, otras versiones lanzadas con anteriorioridad a 12/05/2006, permite a atac... • http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236 •
CVSS: 6.8EPSS: 1%CPEs: 17EXPL: 1CVE-2006-2190
https://notcve.org/view.php?id=CVE-2006-2190
04 May 2006 — Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863. • http://openwebmail.acatysmoof.com/archive/html/owm-announce/owm-announce.200605/msg00000.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2863
https://notcve.org/view.php?id=CVE-2005-2863
08 Sep 2005 — Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter. • http://marc.info/?l=bugtraq&m=112603902716918&w=2 •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2005-1435
https://notcve.org/view.php?id=CVE-2005-1435
03 May 2005 — Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. • http://secunia.com/advisories/15225 •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2005-0445
https://notcve.org/view.php?id=CVE-2005-0445
15 Feb 2005 — Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page. • http://secunia.com/advisories/14253 •
CVSS: 10.0EPSS: 4%CPEs: 10EXPL: 0CVE-2004-2284
https://notcve.org/view.php?id=CVE-2004-2284
31 Dec 2004 — The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument. • http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2004-2458
https://notcve.org/view.php?id=CVE-2004-2458
31 Dec 2004 — Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories. • http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch •
CVSS: 6.8EPSS: 3%CPEs: 21EXPL: 2CVE-2004-0639 – SquirrelMail 1.2.x - From Email Header HTML Injection
https://notcve.org/view.php?id=CVE-2004-0639
09 Jul 2004 — Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados en Squirrelmail 1.2.10 y anteriores permiten a atacantes remotos inyectar HTML o script d... • https://www.exploit-db.com/exploits/24167 •