Vulnerabilities > Squirrelmail > Squirrelmail > 1.4.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-05-13 | CVE-2007-2631 | Cross-Site Request Forgery vulnerability in SquirelMail Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. | 7.5 |
| 2007-05-11 | CVE-2007-2589 | Cross-Site Request Forgery (CSRF) vulnerability in Squirrelmail Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. | 5.0 |
| 2007-05-11 | CVE-2007-1262 | Cross-Site Scripting vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. | 4.3 |
| 2006-06-23 | CVE-2006-3174 | Cross-Site Scripting vulnerability in SquirrelMail Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. | 2.6 |