CVE-2005-2769

SqWebMail 5.0.4 - Cross-Site Scripting via Malformed HTML Email Tags

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2769. PoCs published by Jakob Balle.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 by injecting arbitrary JavaScript code via an HTML img tag with an onError event handler.

Description

Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jakob Balle · textwebappsphp

https://www.exploit-db.com/exploits/26200

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 by injecting arbitrary JavaScript code via an HTML img tag with an onError event handler.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: SqWebMail 5.0.4

No auth needed

Prerequisites: Victim must view the malicious HTML content in a vulnerable SqWebMail context

MITRE ATT&CK