Vulnerabilities > Squirrelmail

DATE CVE VULNERABILITY TITLE RISK
2020-06-20 CVE-2020-14933 Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request.
network
low complexity
squirrelmail CWE-502
8.8
2020-06-20 CVE-2020-14932 Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request.
network
low complexity
squirrelmail CWE-502
7.5
2020-02-13 CVE-2012-5623 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Squirrelmail Change Passwd 4.0
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.
network
low complexity
squirrelmail CWE-327
5.0
2019-07-01 CVE-2019-12970 Cross-site Scripting vulnerability in Squirrelmail
XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2.
4.3
2018-08-05 CVE-2018-14955 Cross-site Scripting vulnerability in Squirrelmail
The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).
network
low complexity
squirrelmail CWE-79
6.1
2018-08-05 CVE-2018-14954 Cross-site Scripting vulnerability in Squirrelmail
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.
network
low complexity
squirrelmail CWE-79
6.1
2018-08-05 CVE-2018-14953 Cross-site Scripting vulnerability in Squirrelmail
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.
network
low complexity
squirrelmail CWE-79
6.1
2018-08-05 CVE-2018-14952 Cross-site Scripting vulnerability in Squirrelmail
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.
network
low complexity
squirrelmail CWE-79
6.1
2018-08-05 CVE-2018-14951 Cross-site Scripting vulnerability in Squirrelmail
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.
network
low complexity
squirrelmail CWE-79
6.1
2018-08-05 CVE-2018-14950 Cross-site Scripting vulnerability in Squirrelmail
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.
network
low complexity
squirrelmail CWE-79
6.1