Vulnerabilities > Squirrelmail
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-20 | CVE-2020-14933 | Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22 compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. | 8.8 |
2020-06-20 | CVE-2020-14932 | Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22 compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. | 9.8 |
2020-02-13 | CVE-2012-5623 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Squirrelmail Change Passwd 4.0 Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. | 7.5 |
2019-07-01 | CVE-2019-12970 | Cross-site Scripting vulnerability in Squirrelmail XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. | 6.1 |
2018-08-05 | CVE-2018-14955 | Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). | 6.1 |
2018-08-05 | CVE-2018-14954 | Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. | 6.1 |
2018-08-05 | CVE-2018-14953 | Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. | 6.1 |
2018-08-05 | CVE-2018-14952 | Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. | 6.1 |
2018-08-05 | CVE-2018-14951 | Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. | 6.1 |
2018-08-05 | CVE-2018-14950 | Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. | 6.1 |