Vulnerabilities > Squirrelmail > Squirrelmail > 1.4.21
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-07-14 | CVE-2010-4555 | Cross-Site Scripting vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page. | 4.3 |
2011-07-14 | CVE-2010-4554 | Improper Input Validation vulnerability in Squirrelmail functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | 4.3 |
2006-06-23 | CVE-2006-3174 | Cross-Site Scripting vulnerability in SquirrelMail Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. | 2.6 |