Lucene search

MitreCVE-2004-0639

HistoryAug 06, 2004 - 4:00 a.m.

CVE-2004-0639

2004-08-0604:00:00

mitre

web.nvd.nist.gov

cve

2004

0639

cross-site scripting

xss

vulnerabilities

squirrelmail

remote attackers

html

script

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.8

Confidence

High

EPSS

0.033

Percentile

91.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.

Affected configurations

Nvd

Node

open_webmailopen_webmailMatch2.30

open_webmailopen_webmailMatch2.31

open_webmailopen_webmailMatch2.32

sgipropackMatch3.0

squirrelmailsquirrelmailMatch1.2.0

squirrelmailsquirrelmailMatch1.2.1

squirrelmailsquirrelmailMatch1.2.2

squirrelmailsquirrelmailMatch1.2.3

squirrelmailsquirrelmailMatch1.2.4

squirrelmailsquirrelmailMatch1.2.5

squirrelmailsquirrelmailMatch1.2.6

squirrelmailsquirrelmailMatch1.2.7

squirrelmailsquirrelmailMatch1.2.8

squirrelmailsquirrelmailMatch1.2.9

squirrelmailsquirrelmailMatch1.2.10

squirrelmailsquirrelmailMatch1.2.11

squirrelmailsquirrelmailMatch1.4

squirrelmailsquirrelmailMatch1.4.1

squirrelmailsquirrelmailMatch1.4.2

squirrelmailsquirrelmailMatch1.4.3_rc1

squirrelmailsquirrelmailMatch1.5_dev

VendorProductVersionCPE
open_webmailopen_webmail2.30cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*
open_webmailopen_webmail2.31cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*
open_webmailopen_webmail2.32cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*
sgipropack3.0cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.2.0cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.2.1cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.2.2cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.2.3cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.2.4cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.2.5cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
open_webmail	open_webmail	2.30	cpe:2.3:a:open_webmail:open_webmail:2.30:::::::*
open_webmail	open_webmail	2.31	cpe:2.3:a:open_webmail:open_webmail:2.31:::::::*
open_webmail	open_webmail	2.32	cpe:2.3:a:open_webmail:open_webmail:2.32:::::::*
sgi	propack	3.0	cpe:2.3:a:sgi:propack:3.0:::::::*
squirrelmail	squirrelmail	1.2.0	cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:::::::*
squirrelmail	squirrelmail	1.2.1	cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:::::::*
squirrelmail	squirrelmail	1.2.2	cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:::::::*
squirrelmail	squirrelmail	1.2.3	cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:::::::*
squirrelmail	squirrelmail	1.2.4	cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:::::::*
squirrelmail	squirrelmail	1.2.5	cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:::::::*