Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sqwebmail | Inter7 | 3.4.1 (including) | 3.4.1 (including) |
| Sqwebmail | Inter7 | 3.5.0 (including) | 3.5.0 (including) |
| Sqwebmail | Inter7 | 3.5.1 (including) | 3.5.1 (including) |
| Sqwebmail | Inter7 | 3.5.2 (including) | 3.5.2 (including) |
| Sqwebmail | Inter7 | 3.5.3 (including) | 3.5.3 (including) |
| Sqwebmail | Inter7 | 3.6.0 (including) | 3.6.0 (including) |
| Sqwebmail | Inter7 | 3.6.1 (including) | 3.6.1 (including) |
| Sqwebmail | Inter7 | 4.0.4_2004-05-24 (including) | 4.0.4_2004-05-24 (including) |
| Sqwebmail | Inter7 | 4.0.5 (including) | 4.0.5 (including) |
| Sqwebmail | Inter7 | 4.0.6 (including) | 4.0.6 (including) |
| Sqwebmail | Inter7 | 4.0.7 (including) | 4.0.7 (including) |
| Sqwebmail | Inter7 | 5.0.0 (including) | 5.0.0 (including) |
| Sqwebmail | Inter7 | 5.0.1 (including) | 5.0.1 (including) |
| Sqwebmail | Inter7 | 5.0.4 (including) | 5.0.4 (including) |