4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.016 Low
EPSS
Percentile
87.4%
A SquirrelMail Security Advisory reports:
Several cross site scripting (XSS) vulnerabilities have been
discovered in SquirrelMail versions 1.4.0 - 1.4.4.
The vulnerabilities are in two categories: the majority can be
exploited through URL manipulation, and some by sending a specially
crafted email to a victim. When done very carefully,
this can cause the session of the user to be hijacked.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | squirrelmail | = 1.4.0 | UNKNOWN |
FreeBSD | any | noarch | squirrelmail | <= 1.4.4 | UNKNOWN |
FreeBSD | any | noarch | ja-squirrelmail | = 1.4.0 | UNKNOWN |
FreeBSD | any | noarch | ja-squirrelmail | <= 1.4.4 | UNKNOWN |