CVE-2006-2484

Published: May 19, 2006Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebMail 5.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter.

Affected (18)

Products: Icewarp: Web Mail

Icewarp

1 product

Web Mail

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Icewarp Web Mail	Version 1.40.00
Icewarp Web Mail	Version 1.40.10
Icewarp Web Mail	Version 3.1.4
Icewarp Web Mail	Version 3.3.1
Icewarp Web Mail	Version 3.3.2
Icewarp Web Mail	Version 3.4.1
Icewarp Web Mail	Version 3.4.2
Icewarp Web Mail	Version 3.5.0
Icewarp Web Mail	Version 3.5.1
Icewarp Web Mail	Version 4.1.4
Icewarp Web Mail	Version 4.1.5
Icewarp Web Mail	Version 5.2.7
Icewarp Web Mail	Version 5.2.8
Icewarp Web Mail	Version 5.3.1
Icewarp Web Mail	Version 5.3.2
Icewarp Web Mail	Version 5.3
Icewarp Web Mail	Version 5.4
Icewarp Web Mail	Version 5.5.1