Vulnerabilities > Squirrelmail > Squirrelmail
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-08-06 | CVE-2004-0639 | HTML Injection vulnerability in SquirrelMail From Email Header Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable. | 6.8 |
| 2004-01-20 | CVE-2003-0990 | Remote Command Execution vulnerability in Squirrelmail G/PGP Encryption Plugin The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field. | 7.5 |
| 2003-04-02 | CVE-2003-0160 | Unspecified vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser. network squirrelmail | 5.8 |
| 2002-12-31 | CVE-2002-2086 | Unspecified vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag. network squirrelmail | 4.3 |
| 2002-12-31 | CVE-2002-1650 | Remote Security vulnerability in Squirrelmail 1.2.2 The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter. | 7.5 |
| 2002-12-31 | CVE-2002-1649 | Unspecified vulnerability in Squirrelmail 1.2.2 Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag. network squirrelmail | 4.3 |
| 2002-12-31 | CVE-2002-1648 | Unspecified vulnerability in Squirrelmail 1.2.2 Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. | 7.5 |
| 2002-12-18 | CVE-2002-1341 | Cross-Site Scripting vulnerability in SquirrelMail read_body.php Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters. network squirrelmail | 6.8 |
| 2002-11-29 | CVE-2002-1276 | Cross-Site Scripting vulnerability in Squirrelmail 1.2.8 An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks. network squirrelmail | 4.3 |
| 2002-10-04 | CVE-2002-1132 | Path Disclosure vulnerability in SquirrelMail Options.PHP Web Root SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script. | 5.0 |