CVE-2004-0591
SqWebMail <= 4.0.4 - Cross-Site Scripting via Email Headers or MIME Content-Type
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2004-0591. PoCs published by Luca Legato.
AI-analyzed exploit summary This is a writeup describing an HTML injection vulnerability in SqWebMail via malformed email headers. It provides steps to exploit the issue by sending raw email messages with malicious scripts in headers or MIME content.
Description
Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.
Exploits (1)
This is a writeup describing an HTML injection vulnerability in SqWebMail via malformed email headers. It provides steps to exploit the issue by sending raw email messages with malicious scripts in headers or MIME content.