cbcvebase.

Inter7 Sqwebmail vulnerabilities

6 known vulnerabilities affecting inter7/sqwebmail.

Total CVEs
6
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2005-1308P4HIGHCVSS 7.5PoCv3.4.1v3.5.0+7 more2005-04-15
CVE-2005-1308 [HIGH] CVE-2005-1308: SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the r SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.
nvd
CVE-2004-0591P4MEDIUMCVSS 6.8PoCv4.0.42004-08-06
CVE-2004-0591 [MEDIUM] CVE-2004-0591: Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and ear Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.
nvd
CVE-2005-2769P4MEDIUMCVSS 4.3PoCv5.0.42005-09-02
CVE-2005-2769 [MEDIUM] CVE-2005-2769: Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remot Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail.
nvd
CVE-2004-2313P4MEDIUMCVSS 5.0v3.4.1v3.5.0+5 more2004-12-31
CVE-2004-2313 [MEDIUM] CVE-2004-2313: Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords vers Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
nvd
CVE-2005-2724P4MEDIUMCVSS 4.3v3.4.1v3.5.0+12 more2005-08-30
CVE-2005-2724 [MEDIUM] CVE-2005-2724: Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitr Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer.
nvd
CVE-2005-2820P4MEDIUMCVSS 4.3v5.0.42005-09-07
CVE-2005-2820 [MEDIUM] CVE-2005-2820: Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitr Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]".
nvd
Inter7 Sqwebmail vulnerabilities | cvebase