Vulnerabilities > Open Webmail > Open Webmail > 2.30
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0445 | Cross-Site Scripting vulnerability in Open WebMail Logindomain Parameter Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page. network open-webmail | 4.3 |
| 2004-12-31 | CVE-2004-2458 | Unspecified vulnerability in Open Webmail Open Webmail Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories. | 5.0 |
| 2004-12-31 | CVE-2004-2284 | Remote Command Execution Variant vulnerability in Open WebMail Vacation.PL The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument. | 10.0 |
| 2004-08-18 | CVE-2004-0520 | HTML Injection vulnerability in SquirrelMail Email Header Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. | 6.8 |
| 2004-08-06 | CVE-2004-0639 | HTML Injection vulnerability in SquirrelMail From Email Header Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable. | 6.8 |