CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.02 Low (Percentile: 88.7%)
CentOS Errata and Security Advisory CESA-2007:0022
SquirrelMail is a standards-based webmail package written in PHP.

Several cross-site scripting bugs were discovered in SquirrelMail. An
attacker could inject arbitrary JavaScript or HTML content into
SquirrelMail pages by tricking a user into visiting a carefully crafted
URL. (CVE-2006-6142)

Users of SquirrelMail should upgrade to this erratum package, which
contains a backported patch to correct these issues.
Notes:
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-February/075662.html
https://lists.centos.org/pipermail/centos-announce/2007-February/075663.html
https://lists.centos.org/pipermail/centos-announce/2007-February/075664.html
https://lists.centos.org/pipermail/centos-announce/2007-February/075665.html
https://lists.centos.org/pipermail/centos-announce/2007-January/075649.html
https://lists.centos.org/pipermail/centos-announce/2007-January/075650.html
Affected packages:
squirrelmail
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0022
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | noarch | squirrelmail | < 1.4.8-4.el3.centos.1 | squirrelmail-1.4.8-4.el3.centos.1.noarch.rpm |
CentOS | 4 | noarch | squirrelmail | < 1.4.8-4.el4 | squirrelmail-1.4.8-4.el4.noarch.rpm |