CVE-2006-2190

Published May 4, 2006

Last updated 3 months ago

CVSS info 6.8

Overview

Description: Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: -
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C796754-5EF1-4ED9-8FBE-852651FECB07",
            "versionEndIncluding": "2.51"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B94ECAA-1148-4A84-93B4-56B56A0938AC"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA86C04C-D31E-4B0B-A8E0-13A5FED7644E"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62736A5C-7E68-4E47-9954-D62C913E3AF7"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02D1462D-CC70-41CC-BAF4-48CD0ECAFD4A"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:1.90:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50009537-0820-4CDB-94E1-2222040F234C"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53783E69-4E5E-4AAD-A280-338E131478C5"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F32A212-11C1-432A-9ECD-844CD4EC3EF7"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30D334D8-D50F-45DA-9267-F2A4722BF4A9"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCEC7B40-834B-4476-8A0D-FDEA86C436D0"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "467BEC56-9C42-4180-B422-F0099AF77B21"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC478ABF-19F8-4195-AA37-23668E2474EC"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "162770C7-AF47-437C-A0D7-9F92D86DC951"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C718757-E831-4C17-A9E6-BB31A20AC8EC"
          },
          {
            "criteria": "cpe:2.3:a:open_webmail:open_webmail:2.50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DDE131E5-B180-4751-B81B-459CA0207DED"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References