Cross-Site Scripting Vulnerability in IceWarp WebMail by IceWarp
CVE-2006-2484

Currently unrated

Key Information:

Vendor: Icewarp
Status: Web Mail
Vendor: CVE Published:; 19 May 2006

What is CVE-2006-2484?

A Cross-Site Scripting (XSS) vulnerability exists in IceWarp WebMail versions 5.5.1 and earlier that allows remote attackers to inject arbitrary scripts or HTML through the PHPSESSID parameter. This could potentially lead to unauthorized actions being performed on behalf of unsuspecting users and compromise sensitive information.

References

http://www.securityfocus.com/archive/1/434121/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/17995

vdb-entryx_refsource_BID

http://securityreason.com/securityalert/925

third-party-advisoryx_refsource_SREASON

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2006
Vulnerability Reserved
May 19, 2006

JSON

Icewarp

What is CVE-2006-2484?

References

Timeline