CVE-2005-2769
EPSS 11.0%courier - missing input sanitising
Published: 9/2/2005Modified: 4/28/2026
Description
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail.
Affected packages (2)
- Debian/courierfrom 0, < 0.47-9
- Debian/courierfrom 0, < 0.37.3-2.7