Vulnerabilities > Squirrelmail > Squirrelmail > 1.2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-08-06 | CVE-2004-0639 | HTML Injection vulnerability in SquirrelMail From Email Header Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable. | 6.8 |
| 2003-04-02 | CVE-2003-0160 | Unspecified vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser. network squirrelmail | 5.8 |
| 2002-12-31 | CVE-2002-2086 | Unspecified vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag. network squirrelmail | 4.3 |
| 2002-12-31 | CVE-2002-1650 | Remote Security vulnerability in Squirrelmail 1.2.2 The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter. | 7.5 |
| 2002-12-31 | CVE-2002-1649 | Unspecified vulnerability in Squirrelmail 1.2.2 Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag. network squirrelmail | 4.3 |
| 2002-12-31 | CVE-2002-1648 | Unspecified vulnerability in Squirrelmail 1.2.2 Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. | 7.5 |
| 2002-10-04 | CVE-2002-1132 | Path Disclosure vulnerability in SquirrelMail Options.PHP Web Root SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script. | 5.0 |
| 2002-10-04 | CVE-2002-1131 | Cross-Site Scripting Vulnerablities in SquirrelMail Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php. | 7.5 |
| 2002-08-12 | CVE-2002-0516 | Remote Command Execution vulnerability in SquirrelMail Theme SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie. | 10.0 |