Total
67 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0520 | 3 Open Webmail, Sgi, Squirrelmail | 3 Open Webmail, Propack, Squirrelmail | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. | |||||
CVE-2002-1649 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag. | |||||
CVE-2002-1650 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 7.5 HIGH | N/A |
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter. | |||||
CVE-2003-0160 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser. | |||||
CVE-2002-2086 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag. | |||||
CVE-2004-0521 | 2 Sgi, Squirrelmail | 2 Propack, Squirrelmail | 2024-02-04 | 10.0 HIGH | N/A |
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. | |||||
CVE-2003-0990 | 1 Squirrelmail | 2 Gpg Plugin, Squirrelmail | 2024-02-04 | 7.5 HIGH | N/A |
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field. |