Vulnerabilities (CVE)

Filtered by vendor Inter7 Subscribe
Filtered by product Sqwebmail
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-2820 1 Inter7 1 Sqwebmail 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]".
CVE-2005-2769 1 Inter7 1 Sqwebmail 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail.
CVE-2005-2724 1 Inter7 1 Sqwebmail 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer.
CVE-2005-1308 1 Inter7 1 Sqwebmail 2024-11-20 7.5 HIGH N/A
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.
CVE-2004-2313 1 Inter7 1 Sqwebmail 2024-11-20 5.0 MEDIUM N/A
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
CVE-2004-0591 1 Inter7 1 Sqwebmail 2024-11-20 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.