Vulnerabilities > Squirrelmail > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-01 | CVE-2019-12970 | Cross-site Scripting vulnerability in Squirrelmail XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. | 6.1 |
| 2018-08-05 | CVE-2018-14955 | Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). | 6.1 |
| 2018-08-05 | CVE-2018-14954 | Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. | 6.1 |
| 2018-08-05 | CVE-2018-14953 | Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. | 6.1 |
| 2018-08-05 | CVE-2018-14952 | Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. | 6.1 |
| 2018-08-05 | CVE-2018-14951 | Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. | 6.1 |
| 2018-08-05 | CVE-2018-14950 | Cross-site Scripting vulnerability in Squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. | 6.1 |
| 2010-06-22 | CVE-2010-1637 | Server-Side Request Forgery (SSRF) vulnerability in multiple products The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. | 6.5 |