Vulnerability Name: CVE-2006-2190 (CCN-26105)
Assigned: 2006-04-27
Published: 2006-04-27
Updated: 2017-07-20
Summary: Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. Note: the openwebmail-main.pl vector is already covered by CVE-2005-2863.
This vulnerability is addressed in the following product release:
  Open WebMail, Open WebMail, 2.52
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
CVSS v2 Severity: 5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): High
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: MITRE  Type: CNA  CVE-2006-2190
  Source: MLIST  Type: Patch  [owm-announce] 20060502 OpenWebMail version 2.52
  Source: CONFIRM  Type: UNKNOWN  http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232;rev2=233
  Source: CONFIRM  Type: UNKNOWN  http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233&limit=33
  Source: CCN  Type: UNSECURED SYSTEMS 27 april 2006  Open WebMail <=2.51 XSS vuln.
  Source: MISC  Type: UNKNOWN  http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html
  Source: CCN  Type: SA16734  Open WebMail "sessionid" Cross-Site Scripting Vulnerability
  Source: SECUNIA  Type: Exploit, Vendor Advisory  16734
  Source: CCN  Type: Open WebMail Web site  Welcome to Open WebMail Project!
  Source: XF  Type: UNKNOWN  openwebmail-multiple-scripts-xss(26105)
Vulnerable Configuration:
  Configuration 1:
    cpe:/a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:1.90:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:2.00:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:2.01:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:2.10:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:2.40:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:2.50:*:*:*:*:*:*:*
    OR cpe:/a:open_webmail:open_webmail:*:*:*:*:*:*:*:* (Version <= 2.51)
open_webmail open webmail 1.7
open_webmail open webmail 1.8
open_webmail open webmail 1.71
open_webmail open webmail 1.81
open_webmail open webmail 1.90
open_webmail open webmail 2.00
open_webmail open webmail 2.01
open_webmail open webmail 2.10
open_webmail open webmail 2.20
open_webmail open webmail 2.21
open_webmail open webmail 2.30
open_webmail open webmail 2.31
open_webmail open webmail 2.32
open_webmail open webmail 2.40
open_webmail open webmail 2.41
open_webmail open webmail 2.50
open_webmail open webmail *