OpenWebMail Multiple XSS Vulnerabilities Network Vulnerability

Summary

This host is installed with OpenWebMail and is prone to multiple cross-sites scripting vulnerabilities.

Impact

Successful exploitation will allow remote attackers to inject arbitrary web script or HTML via unknown vectors and conduct cross-sites attacks. Impact Level: Application

Solution

Upgrade to version 2.53 or later. http://openwebmail.org/

Insight

The vulnerability is caused because the application does not sanitise the user supplied data.

Affected

OpenWebMail versions prior to 2.53

References

http://freshmeat.net/projects/openwebmail/releases/270453
http://osvdb.org/40581
http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7202

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
Adobe ColdFusion Unspecified Information Disclosure Vulnerability
Apache Archiva Cross Site Request Forgery Vulnerability

Take action and discover your vulnerabilities