• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Open WebMail Logindomain Parameter Cross-Site Scripting Vulnerability

Open WebMail is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.

The problem presents itself when malicious HTML and script code is sent to the application through the 'logindomain' parameter.

This vulnerability has been reported to exist in Open WebMail versions 2.50 20050212 and prior.