CVE-2002-1276 - Unspecified vulnerability in Squirrelmail 1.2.8
Metric | Value |
---|---|
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |

squirrelmail
nessus
Summary
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
NASL family: CGI abuses : XSS
NASL id: SQUIRREMAIL_CROSS_SITE_SCRIPTING.NASL
description: The remote host seems to be vulnerable to a security problem in SquirrelMail. The
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11415
published: 2003-03-19
reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/11415
title: SquirrelMail 1.2.9 / 1.2.10 read_body.php Multiple Parameter XSS

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-191.NASL
description: Several cross site scripting vulnerabilities have been found in squirrelmail, a feature-rich webmail package written in PHP4. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities :
- CAN-2002-1131: User input is not always sanitized so execution of arbitrary code on a client computer is possible. This can happen after following a malicious URL or by viewing a malicious addressbook entry.
- CAN-2002-1132: Another problem could make it possible for an attacker to gain sensitive information under some conditions. When a malformed argument is appended to a link, an error page will be generated which contains the absolute pathname of the script. However, this information is available through the Contents file of the distribution anyway.
These problems have been fixed in version 1.2.6-1.1 for the current stable distribution (woody) and in version 1.2.8-1.1 for the unstable distribution (sid). The old stable distribution (potato) is not affected since it doesn
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15028
published: 2004-09-29
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/15028
title: Debian DSA-191-1 : squirrelmail - XSS