CVE-2005-2769 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain > or other special characters, which is not properly sanitized by SqWebMail.

Affected Software

Name	Vendor	Start Version	End Version
Sqwebmail	Inter7	5.0.4 (including)	5.0.4 (including)
Courier	Ubuntu	dapper	*
Courier	Ubuntu	devel	*
Courier	Ubuntu	edgy	*
Courier	Ubuntu	feisty	*

References

http://marc.info/?l=bugtraq\u0026m=112534112715638\u0026w=2
http://seclists.org/fulldisclosure/2005/Aug/975
http://secunia.com/advisories/16600/
http://secunia.com/advisories/17156
http://secunia.com/secunia_research/2005-39/advisory/
http://www.securityfocus.com/bid/14676
http://www.ubuntu.com/usn/usn-201-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/22043
http://marc.info/?l=bugtraq\u0026m=112534112715638\u0026w=2
http://seclists.org/fulldisclosure/2005/Aug/975
http://secunia.com/advisories/16600/
http://secunia.com/advisories/17156
http://secunia.com/secunia_research/2005-39/advisory/
http://www.securityfocus.com/bid/14676
http://www.ubuntu.com/usn/usn-201-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/22043

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2769
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html