Detections
Analytics

CVE-2007-4172

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35754

http://www.securityfocus.com/bid/25175

http://securityreason.com/securityalert/2965

http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html

Details

Source: Mitre, NVD

Published: 2007-08-07

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00285