Inter7: >> Sqwebmail >> 3.6.0 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer.
CVSS Score
4.3
EPSS Score
0.008
Published
2005-08-30
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.
CVSS Score
7.5
EPSS Score
0.031
Published
2005-04-15
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
CVSS Score
5.0
EPSS Score
0.003
Published
2004-12-31