Metric | Value |
---|---|
AI Score | 6.8 Medium (Confidence: Low) |
CVSS2 | 4.3 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
EPSS | 0.003 Low (Percentile: 69.4%) |

SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this.

CPE | Name | Operator | Version |
---|---|---|---|
squirrelmail:squirrelmail | squirrelmail | eq | 1.4.6 |