First published: Fri May 19 2006(Updated: )
Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebMail 5.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
IceWarp WebMail Server | =4.1.5 | |
IceWarp WebMail Server | =3.5.0 | |
IceWarp WebMail Server | =3.4.1 | |
IceWarp WebMail Server | =3.3.1 | |
IceWarp WebMail Server | =5.2.7 | |
IceWarp WebMail Server | =5.2.8 | |
IceWarp WebMail Server | =3.4.2 | |
IceWarp WebMail Server | =1.40.00 | |
IceWarp WebMail Server | =1.40.10 | |
IceWarp WebMail Server | =3.5.1 | |
IceWarp WebMail Server | =3.1.4 | |
IceWarp WebMail Server | =5.3.1 | |
IceWarp WebMail Server | =5.4 | |
IceWarp WebMail Server | =5.5.1 | |
IceWarp WebMail Server | =4.1.4 | |
IceWarp WebMail Server | =5.3.2 | |
IceWarp WebMail Server | =3.3.2 | |
IceWarp WebMail Server | =5.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2006-2484 has been classified as a medium severity vulnerability due to its potential for exploitation via cross-site scripting.
To fix CVE-2006-2484, users should upgrade IceWarp WebMail to version 5.5.1 or later, as this version addresses the XSS vulnerability.
CVE-2006-2484 affects various versions of IceWarp WebMail, specifically versions 5.5.1 and earlier.
Yes, CVE-2006-2484 allows remote attackers to execute arbitrary web scripts or HTML through a vulnerability in the PHPSESSID parameter.
CVE-2006-2484 is a cross-site scripting (XSS) vulnerability.