2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2006-3229" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2006-06-27T01:05:00.000" ,
2024-11-22 03:16:05 +00:00
"lastModified" : "2024-11-21T00:13:07.480" ,
2023-04-24 12:24:31 +02:00
"vulnStatus" : "Modified" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to \"openwebmailerror calls that need to display HTML.\""
} ,
{
"lang" : "es" ,
"value" : "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Open WebMail (OWM) v2.52, otras versiones lanzadas con anteriorioridad a 12/05/2006, permite a atacantes remotos inyectar c\u00f3digo web o HTML a trav\u00e9s de los campos (1)A: y (2) Desde: en openwebmail-main.pl, y probablemente (3) otros vectores no especificados relacionados con llamadas \"openwebmailerror que necesitan mostrar HTML.\""
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N" ,
2024-11-22 03:16:05 +00:00
"baseScore" : 4.3 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "PARTIAL" ,
2024-11-22 03:16:05 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 8.6 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : true
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "NVD-CWE-Other"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:open_webmail:open_webmail:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "2.52" ,
"matchCriteriaId" : "F8D49632-690B-4014-86A4-29491126293C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9B94ECAA-1148-4A84-93B4-56B56A0938AC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DA86C04C-D31E-4B0B-A8E0-13A5FED7644E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "62736A5C-7E68-4E47-9954-D62C913E3AF7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "02D1462D-CC70-41CC-BAF4-48CD0ECAFD4A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:open_webmail:open_webmail:1.90:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "50009537-0820-4CDB-94E1-2222040F234C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:open_webmail:open_webmail:2.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "693C80B3-C668-4F4F-B8A7-9AD4E56C024F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FCEC7B40-834B-4476-8A0D-FDEA86C436D0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "467BEC56-9C42-4180-B422-F0099AF77B21"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9FCF6241-3F7C-4867-8D2E-CCA1BEFCA9D8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "EC478ABF-19F8-4195-AA37-23668E2474EC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E3A87C77-5F6E-497D-A6A0-7D68D5E27E33"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5C718757-E831-4C17-A9E6-BB31A20AC8EC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:open_webmail:open_webmail:2.51:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B8BEB39A-379D-4E81-AF38-4D798C771DAE"
}
]
}
]
}
] ,
"references" : [
{
2023-11-07 21:03:21 +00:00
"url" : "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236" ,
2023-04-24 12:24:31 +02:00
"source" : "cve@mitre.org"
} ,
{
"url" : "http://openwebmail.org/openwebmail/doc/changes.txt" ,
"source" : "cve@mitre.org"
} ,
2023-11-07 21:03:21 +00:00
{
"url" : "http://secunia.com/advisories/20714" ,
"source" : "cve@mitre.org"
} ,
2023-04-24 12:24:31 +02:00
{
"url" : "http://www.attrition.org/pipermail/vim/2006-June/000902.html" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
} ,
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309" ,
"source" : "cve@mitre.org"
2024-11-22 03:16:05 +00:00
} ,
{
"url" : "http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://openwebmail.org/openwebmail/doc/changes.txt" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://secunia.com/advisories/20714" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.attrition.org/pipermail/vim/2006-June/000902.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch"
]
} ,
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27309" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
2023-04-24 12:24:31 +02:00
}
]
}
