CVE-2005-2724

EPSS 0.80%

courier - missing input sanitising

Published: 8/30/2005Modified: 4/28/2026

Also known as:DEBIAN-CVE-2005-2724

Description

Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer.

Affected packages (2)

Debian/courierfrom 0, < 0.47-8
Debian/courierfrom 0, < 0.37.3-2.6

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2005-2724