Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Squirrelmail Subscribe
Filtered by product Squirrelmail
Total 67 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-0520 3 Open Webmail, Sgi, Squirrelmail 3 Open Webmail, Propack, Squirrelmail 2024-02-04 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
CVE-2002-1649 1 Squirrelmail 1 Squirrelmail 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag.
CVE-2002-1650 1 Squirrelmail 1 Squirrelmail 2024-02-04 7.5 HIGH N/A
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.
CVE-2003-0160 1 Squirrelmail 1 Squirrelmail 2024-02-04 5.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.
CVE-2002-2086 1 Squirrelmail 1 Squirrelmail 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag.
CVE-2004-0521 2 Sgi, Squirrelmail 2 Propack, Squirrelmail 2024-02-04 10.0 HIGH N/A
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
CVE-2003-0990 1 Squirrelmail 2 Gpg Plugin, Squirrelmail 2024-02-04 7.5 HIGH N/A
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.