header-logo
Suggest Exploit
vendor:
SqWebMail
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Script Injection
79
CWE
Product Name: SqWebMail
Affected Version From: 5.0.4
Affected Version To: 5.0.4
Patch Exists: YES
Related CWE: N/A
CPE: sqwebmail
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

SqWebMail Remote Script Injection Vulnerability

SqWebMail is affected by a vulnerability that may allow remote attackers to inject and execute arbitrary script code in a user's browser. This may allow for various attacks including session hijacking due to the theft of user credentials.

Mitigation:

Users should avoid visiting untrusted websites and clicking on suspicious links.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14676/info

SqWebMail is affected by a vulnerability that may allow remote attackers to inject and execute arbitrary script code in a user's browser.

This may allow for various attacks including session hijacking due to the theft of user credentials.

SqWebMail 5.0.4 is reportedly vulnerable to this issue. It is possible that other versions are affected as well. 

<img src="cid:>" onError="alert(document.domain);">