Open Webmail 2.41 is susceptible to cross site scripting attacks.
93ea05d29c12a308bbb9e008504aac101b3c0d0d4be430fd8246c908adafe22a
Discovered by s3cure
Risk: small
When we are logged on account we see:
http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-0.274744641575129&action=listmessages_afterlogin
Now we can do small xss:
http://site.site/cgi-bin/openwebmail/openwebmail-main.pl?sessionid=yourlogin*-session-here xss&action=listmessages_afterlogin
Ofcourse we can do a lots of other things but ... It's now your job.