Vulnerabilities > CVE-2002-1341 - Cross-Site Scripting vulnerability in SquirrelMail read_body.php
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Nessus
NASL family CGI abuses : XSS NASL id SQUIRREMAIL_CROSS_SITE_SCRIPTING.NASL description The remote host seems to be vulnerable to a security problem in SquirrelMail. The last seen 2020-06-01 modified 2020-06-02 plugin id 11415 published 2003-03-19 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11415 title SquirrelMail 1.2.9 / 1.2.10 read_body.php Multiple Parameter XSS NASL family Debian Local Security Checks NASL id DEBIAN_DSA-220.NASL description A cross site scripting vulnerability has been discovered in squirrelmail, a feature-rich webmail package written in PHP4. Squirrelmail doesn last seen 2020-06-01 modified 2020-06-02 plugin id 15057 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15057 title Debian DSA-220-1 : squirrelmail - XSS
Redhat
| advisories |
|
References
- http://f0kp.iplus.ru/bz/008.txt
- http://marc.info/?l=bugtraq&m=103893844126484&w=2
- http://marc.info/?l=bugtraq&m=103911130503272&w=2
- http://marc.info/?l=bugtraq&m=104004924002662&w=2
- http://secunia.com/advisories/8220
- http://www.debian.org/security/2002/dsa-220
- http://www.redhat.com/support/errata/RHSA-2003-042.html
- http://www.securityfocus.com/bid/6302
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10754