Vulnerabilities > CVE-2005-2863 - Cross-Site Scripting vulnerability in Open Webmail Open Webmail 2.41

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
open-webmail
nessus

Summary

Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.

Vulnerable Configurations

Part Description Count
Application
Open_Webmail
1

Nessus

NASL familyCGI abuses : XSS
NASL idOPENWEBMAIL_SESSIONID_XSS.NASL
descriptionThe installed version of Open WebMail on the remote host is prone to cross-site scripting attacks because it fails to sanitize user- supplied input to the
last seen2020-06-01
modified2020-06-02
plugin id19769
published2005-09-21
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/19769
titleOpen WebMail sessionid Parameter XSS