CVE-2004-0591
courier - cross-site scripting
EPSS 13.9%
Description
Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.
How to fix CVE-2004-0591
To remediate CVE-2004-0591, upgrade the affected package to a fixed version below.
- Debian/courier—upgrade to 0.45.4-4 or later
- Debian/courier—upgrade to 0.37.3-2.5 or later
Is CVE-2004-0591 being exploited?
Moderate — EPSS is 13.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 0.45.4-4
- from 0, < 0.37.3-2.5