VYPR
Unrated severityNVD Advisory· Published Feb 4, 2006· Updated Jun 16, 2026

CVE-2006-0536

CVE-2006-0536

Description

Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected parameter is "date," but the demonstration URL shows that it is "sort".

Affected products

2
  • Neomail/Neomail2 versions
    cpe:2.3:a:neomail:neomail:1.27:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:neomail:neomail:1.27:*:*:*:*:*:*:*
    • (no CPE)range: = 1.27

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.