CVE-2005-0445
CVE-2005-0445 is a medium-severity vulnerability in Open Webmail with a CVSS 2.0 base score of 4.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.3)
- EPSS exploit prediction: 1% (68th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Open Webmail
- Published:
- Last modified:
Description
Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page.
Frequently asked questions
- What is CVE-2005-0445?
- Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page.
- How severe is CVE-2005-0445?
- CVE-2005-0445 has a CVSS 2.0 base score of 4.3, rated medium severity.
- Is CVE-2005-0445 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (68th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2005-0445?
- CVE-2005-0445 primarily affects Open Webmail. In total, 10 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2005-0445?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2005-0445 published?
- CVE-2005-0445 was published on 2005-05-02 and last updated on 2026-06-16.
References
- http://secunia.com/advisories/14253
- http://securitytracker.com/id?1013172
- http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt
- http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch
- http://www.securityfocus.com/bid/12547
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19335
Affected products (10)
- cpe:2.3:a:open_webmail:open_webmail:2.00:*:*:*:*:*:*:*
- cpe:2.3:a:open_webmail:open_webmail:2.01:*:*:*:*:*:*:*
- cpe:2.3:a:open_webmail:open_webmail:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:*
- cpe:2.3:a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:*
- cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*
- cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*
- cpe:2.3:a:open_webmail:open_webmail:2.40:*:*:*:*:*:*:*
- cpe:2.3:a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:*
- cpe:2.3:a:open_webmail:open_webmail:2.50:*:*:*:*:*:*:*
More vulnerabilities in Open Webmail
- CVE-2004-2284 — Critical (CVSS 10.0): The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute…
- CVE-2005-1435 — High (CVSS 7.5): Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell…
- CVE-2002-1385 — High (CVSS 7.2): openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot)…
- CVE-2006-2190 — Medium (CVSS 6.8): Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers…
- CVE-2004-0520 — Medium (CVSS 6.8): Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert…
- CVE-2004-0639 — Medium (CVSS 6.8): Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject…