CVE-2005-2769
Description
SqWebMail 5.0.4 fails to sanitize HTML email tags with special characters, enabling XSS attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
SqWebMail 5.0.4 (and possibly other versions) fails to properly sanitize HTML emails containing tags with strings that include ">" or other special characters [3]. This allows an attacker to inject arbitrary HTML or script code into emails viewed by users.
Exploitation
An attacker sends an HTML email to a SqWebMail user containing malicious tags, e.g., " onError="alert(document.domain);"> [3][4]. SqWebMail does not sanitize the email's content, so when the user views the email, the injected script executes in the user's browser in the context of the SqWebMail site.
Impact
Successful exploitation leads to cross-site scripting, allowing execution of arbitrary script code in the user's browser within the SqWebMail domain. This could result in session hijacking, credential theft, or other malicious actions [3].
Mitigation
At the time of disclosure (August 2005), no official patch was available. The advisory recommended disabling HTML email viewing or applying input filtering [3]. Users should upgrade to a fixed version if available; later versions of SqWebMail likely address this issue.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:inter7:sqwebmail:5.0.4:*:*:*:*:*:*:*
- (no CPE) range: 5.0.4
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- secunia.com/advisories/16600/ (nvd; Exploit, Patch)
- secunia.com/secunia_research/2005-39/advisory/ (nvd; Exploit)
- www.securityfocus.com/bid/14676 (nvd; Exploit)
- marc.info (nvd)
- seclists.org/fulldisclosure/2005/Aug/975 (nvd)
- secunia.com/advisories/17156 (nvd)
- www.ubuntu.com/usn/usn-201-1 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/22043 (nvd)