Neomail: >> Neomail Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.
CVSS Score
4.3
EPSS Score
0.076
Published
2006-05-02
The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled.
CVSS Score
5.0
EPSS Score
0.006
Published
2006-02-15
Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected parameter is "date," but the demonstration URL shows that it is "sort".
CVSS Score
4.3
EPSS Score
0.005
Published
2006-02-04