Vulnerabilities > Squirrelmail > Squirrelmail > 1.4.22

DATE CVE VULNERABILITY TITLE RISK
2020-06-20 CVE-2020-14933 Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request.
network
low complexity
squirrelmail CWE-502
8.8
8.8
2020-06-20 CVE-2020-14932 Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request.
network
low complexity
squirrelmail CWE-502
critical
 9.8
9.8
2019-07-01 CVE-2019-12970 Cross-site Scripting vulnerability in Squirrelmail
XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2.
network
low complexity
squirrelmail CWE-79
6.1
6.1
2018-08-05 CVE-2018-14955 Cross-site Scripting vulnerability in Squirrelmail
The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).
network
low complexity
squirrelmail CWE-79
6.1
6.1
2018-08-05 CVE-2018-14954 Cross-site Scripting vulnerability in Squirrelmail
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.
network
low complexity
squirrelmail CWE-79
6.1
6.1
2018-08-05 CVE-2018-14953 Cross-site Scripting vulnerability in Squirrelmail
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.
network
low complexity
squirrelmail CWE-79
6.1
6.1
2018-08-05 CVE-2018-14952 Cross-site Scripting vulnerability in Squirrelmail
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.
network
low complexity
squirrelmail CWE-79
6.1
6.1
2018-08-05 CVE-2018-14951 Cross-site Scripting vulnerability in Squirrelmail
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.
network
low complexity
squirrelmail CWE-79
6.1
6.1
2018-08-05 CVE-2018-14950 Cross-site Scripting vulnerability in Squirrelmail
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.
network
low complexity
squirrelmail CWE-79
6.1
6.1
2018-03-17 CVE-2018-8741 Path Traversal vulnerability in multiple products
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
network
low complexity
squirrelmail debian CWE-22
8.8
8.8