Vulnerabilities > Squirrelmail

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-20	CVE-2020-14933	Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22 compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. network low complexity squirrelmail CWE-502	8.8
2020-06-20	CVE-2020-14932	Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22 compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. network low complexity squirrelmail CWE-502	7.5
2020-02-13	CVE-2012-5623	Use of a Broken or Risky Cryptographic Algorithm vulnerability in Squirrelmail Change Passwd 4.0 Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. network low complexity squirrelmail CWE-327	5.0
2019-07-01	CVE-2019-12970	Cross-site Scripting vulnerability in Squirrelmail XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. network squirrelmail CWE-79	4.3
2018-08-05	CVE-2018-14955	Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). network low complexity squirrelmail CWE-79	6.1
2018-08-05	CVE-2018-14954	Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. network low complexity squirrelmail CWE-79	6.1
2018-08-05	CVE-2018-14953	Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. network low complexity squirrelmail CWE-79	6.1
2018-08-05	CVE-2018-14952	Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. network low complexity squirrelmail CWE-79	6.1
2018-08-05	CVE-2018-14951	Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. network low complexity squirrelmail CWE-79	6.1
2018-08-05	CVE-2018-14950	Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. network low complexity squirrelmail CWE-79	6.1

Vulnerabilities > Squirrelmail {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Squirrelmail"}]}

Vulnerabilities > Squirrelmail