CVE-2006-3229
Published Jun 27, 2006
Last updated a year ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML."
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F8D49632-690B-4014-86A4-29491126293C",
"versionEndIncluding": "2.52"
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B94ECAA-1148-4A84-93B4-56B56A0938AC"
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA86C04C-D31E-4B0B-A8E0-13A5FED7644E"
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62736A5C-7E68-4E47-9954-D62C913E3AF7"
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02D1462D-CC70-41CC-BAF4-48CD0ECAFD4A"
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:1.90:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50009537-0820-4CDB-94E1-2222040F234C"
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "693C80B3-C668-4F4F-B8A7-9AD4E56C024F"
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCEC7B40-834B-4476-8A0D-FDEA86C436D0"
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "467BEC56-9C42-4180-B422-F0099AF77B21"
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8"
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC478ABF-19F8-4195-AA37-23668E2474EC"
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33"
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C718757-E831-4C17-A9E6-BB31A20AC8EC"
},
{
"criteria": "cpe:2.3:a:open_webmail:open_webmail:2.51:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8BEB39A-379D-4E81-AF38-4D798C771DAE"
}
],
"operator": "OR"
}
]
}
]