CVE-2004-0591

SqWebMail <= 4.0.4 - Cross-Site Scripting via Email Headers or MIME Content-Type

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0591. PoCs published by Luca Legato.

AI-analyzed exploit summary This is a writeup describing an HTML injection vulnerability in SqWebMail via malformed email headers. It provides steps to exploit the issue by sending raw email messages with malicious scripts in headers or MIME content.

Description

Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Luca Legato · textwebappsphp
https://www.exploit-db.com/exploits/24227

This is a writeup describing an HTML injection vulnerability in SqWebMail via malformed email headers. It provides steps to exploit the issue by sending raw email messages with malicious scripts in headers or MIME content.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: SqWebMail (version not specified)
No auth needed
Prerequisites: Access to an SMTP server to send raw emails · Victim interaction (viewing the malicious email)
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200408-02.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16467
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11918/
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2004/dsa-533
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108786212220140&w=2
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10588

Scores

EPSS 0.0497
EPSS Percentile 91.2%

Details

Status published
Products (1)
inter7/sqwebmail 4.0.4
Published Aug 06, 2004
Tracked Since Feb 18, 2026