Vulnerabilities > Squirrelmail > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-01-29 | CVE-2005-0104 | Unspecified vulnerability in Squirrelmail Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. network squirrelmail | 4.3 |
2005-01-29 | CVE-2005-0075 | Unspecified vulnerability in Squirrelmail prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. | 5.0 |
2004-08-18 | CVE-2004-0520 | HTML Injection vulnerability in SquirrelMail Email Header Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. | 6.8 |
2004-08-18 | CVE-2004-0519 | Cross-Site Scripting vulnerability in SquirrelMail Folder Name Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. | 6.8 |
2004-08-06 | CVE-2004-0639 | HTML Injection vulnerability in SquirrelMail From Email Header Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable. | 6.8 |
2003-04-02 | CVE-2003-0160 | Unspecified vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser. network squirrelmail | 5.8 |
2002-12-31 | CVE-2002-2086 | Unspecified vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag. network squirrelmail | 4.3 |
2002-12-31 | CVE-2002-1649 | Unspecified vulnerability in Squirrelmail 1.2.2 Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag. network squirrelmail | 4.3 |
2002-12-18 | CVE-2002-1341 | Cross-Site Scripting vulnerability in SquirrelMail read_body.php Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters. network squirrelmail | 6.8 |
2002-11-29 | CVE-2002-1276 | Cross-Site Scripting vulnerability in Squirrelmail 1.2.8 An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks. network squirrelmail | 4.3 |