Lucene search

K
cveMitreCVE-2008-2379
HistoryDec 05, 2008 - 12:30 a.m.

CVE-2008-2379

2008-12-0500:30:00
CWE-79
mitre
web.nvd.nist.gov
46
cve-2008-2379
cross-site scripting
xss vulnerability
squirrelmail
email security
web script injection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

High

EPSS

0.003

Percentile

71.1%

Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.

Affected configurations

Nvd
Node
squirrelmailsquirrelmailRange1.4.16
OR
squirrelmailsquirrelmailMatch0.1
OR
squirrelmailsquirrelmailMatch0.1.1
OR
squirrelmailsquirrelmailMatch0.1.2
OR
squirrelmailsquirrelmailMatch0.2
OR
squirrelmailsquirrelmailMatch0.2.1
OR
squirrelmailsquirrelmailMatch0.3
OR
squirrelmailsquirrelmailMatch0.3.1
OR
squirrelmailsquirrelmailMatch0.3pre1
OR
squirrelmailsquirrelmailMatch0.3pre2
OR
squirrelmailsquirrelmailMatch0.4
OR
squirrelmailsquirrelmailMatch0.4pre1
OR
squirrelmailsquirrelmailMatch0.4pre2
OR
squirrelmailsquirrelmailMatch0.5
OR
squirrelmailsquirrelmailMatch0.5pre1
OR
squirrelmailsquirrelmailMatch0.5pre2
OR
squirrelmailsquirrelmailMatch1.0
OR
squirrelmailsquirrelmailMatch1.0.1
OR
squirrelmailsquirrelmailMatch1.0.2
OR
squirrelmailsquirrelmailMatch1.0.3
OR
squirrelmailsquirrelmailMatch1.0.4
OR
squirrelmailsquirrelmailMatch1.0.5
OR
squirrelmailsquirrelmailMatch1.0.6
OR
squirrelmailsquirrelmailMatch1.0pre1
OR
squirrelmailsquirrelmailMatch1.0pre2
OR
squirrelmailsquirrelmailMatch1.0pre3
OR
squirrelmailsquirrelmailMatch1.1.0
OR
squirrelmailsquirrelmailMatch1.1.1
OR
squirrelmailsquirrelmailMatch1.1.2
OR
squirrelmailsquirrelmailMatch1.1.3
OR
squirrelmailsquirrelmailMatch1.2.0
OR
squirrelmailsquirrelmailMatch1.2.0_rc3
OR
squirrelmailsquirrelmailMatch1.2.1
OR
squirrelmailsquirrelmailMatch1.2.2
OR
squirrelmailsquirrelmailMatch1.2.3
OR
squirrelmailsquirrelmailMatch1.2.4
OR
squirrelmailsquirrelmailMatch1.2.5
OR
squirrelmailsquirrelmailMatch1.2.6
OR
squirrelmailsquirrelmailMatch1.2.7
OR
squirrelmailsquirrelmailMatch1.3.0
OR
squirrelmailsquirrelmailMatch1.3.1
OR
squirrelmailsquirrelmailMatch1.3.2
OR
squirrelmailsquirrelmailMatch1.4.0
OR
squirrelmailsquirrelmailMatch1.4.0_rc1
OR
squirrelmailsquirrelmailMatch1.4.0_rc2a
OR
squirrelmailsquirrelmailMatch1.4.1
OR
squirrelmailsquirrelmailMatch1.4.2
OR
squirrelmailsquirrelmailMatch1.4.3
OR
squirrelmailsquirrelmailMatch1.4.3_rc1
OR
squirrelmailsquirrelmailMatch1.4.3a
OR
squirrelmailsquirrelmailMatch1.4.4
OR
squirrelmailsquirrelmailMatch1.4.4_rc1
OR
squirrelmailsquirrelmailMatch1.4.5
OR
squirrelmailsquirrelmailMatch1.4.5_rc1
OR
squirrelmailsquirrelmailMatch1.4.6
OR
squirrelmailsquirrelmailMatch1.4.6_rc1
OR
squirrelmailsquirrelmailMatch1.4.7
OR
squirrelmailsquirrelmailMatch1.4.8
OR
squirrelmailsquirrelmailMatch1.4.9
OR
squirrelmailsquirrelmailMatch1.4.9a
OR
squirrelmailsquirrelmailMatch1.4.10
OR
squirrelmailsquirrelmailMatch1.4.10a
OR
squirrelmailsquirrelmailMatch1.4.11
OR
squirrelmailsquirrelmailMatch1.4.12
OR
squirrelmailsquirrelmailMatch1.4.15
OR
squirrelmailsquirrelmailMatch1.4.15_rc1
VendorProductVersionCPE
squirrelmailsquirrelmail*cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
squirrelmailsquirrelmail0.1cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*
squirrelmailsquirrelmail0.1.1cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*
squirrelmailsquirrelmail0.1.2cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*
squirrelmailsquirrelmail0.2cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*
squirrelmailsquirrelmail0.2.1cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*
squirrelmailsquirrelmail0.3cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*
squirrelmailsquirrelmail0.3.1cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*
squirrelmailsquirrelmail0.3pre1cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*
squirrelmailsquirrelmail0.3pre2cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*
Rows per page:
1-10 of 661

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

High

EPSS

0.003

Percentile

71.1%