Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail before 2.53 (Stable) allow remote attackers to inject arbitrary web script or HTML via unknown vectors.