AI Score: 5.5 Medium (Confidence: High)
CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.02 Low (Percentile: 88.7%)
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving “a shortcoming in the magicHTML filter.”
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
docs.info.apple.com/article.html?artnum=306172
fedoranews.org/cms/node/2438
fedoranews.org/cms/node/2439
lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
secunia.com/advisories/23195
secunia.com/advisories/23322
secunia.com/advisories/23409
secunia.com/advisories/23504
secunia.com/advisories/23811
secunia.com/advisories/24004
secunia.com/advisories/24284
secunia.com/advisories/26235
securitytracker.com/id?1017327
sourceforge.net/project/shownotes.php?release_id=468482
squirrelmail.org/security/issue/2006-12-02
www.debian.org/security/2006/dsa-1241
www.mandriva.com/security/advisories?name=MDKSA-2006:226
www.novell.com/linux/security/advisories/2006_29_sr.html
www.novell.com/linux/security/advisories/2007_4_sr.html
www.redhat.com/support/errata/RHSA-2007-0022.html
www.securityfocus.com/bid/21414
www.securityfocus.com/bid/25159
www.vupen.com/english/advisories/2006/4828
www.vupen.com/english/advisories/2007/2732
exchange.xforce.ibmcloud.com/vulnerabilities/30693
exchange.xforce.ibmcloud.com/vulnerabilities/30694
exchange.xforce.ibmcloud.com/vulnerabilities/30695
issues.rpath.com/browse/RPL-849
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988