Lucene search

[email protected]CVE-2002-1649

HistoryMar 28, 2005 - 5:00 a.m.

CVE-2002-1649

2005-03-2805:00:00

[email protected]

web.nvd.nist.gov

cve-2002-1649

cross-site scripting

xss

squirrelmail

security vulnerability

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.6%

JSON

Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag.

Affected configurations

NVD

Node

squirrelmailsquirrelmailMatch1.2.2

CPENameOperatorVersion
squirrelmail:squirrelmailsquirrelmaileq1.2.2

CPE	Name	Operator	Version
squirrelmail:squirrelmail	squirrelmail	eq	1.2.2

References

archives.neohapsis.com/archives/bugtraq/2002-01/0310.html

www.kb.cert.org/vuls/id/153043

www.securityfocus.com/bid/3956

exchange.xforce.ibmcloud.com/vulnerabilities/7989

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.6%

JSON

Related for CVE-2002-1649

nvd1 cvelist1 redhatcve1