FreeBSDE879CA68-E01B-11D9-A8BD-000CF18BBE54squirrelmail -- Several cross site scripting vulnerabilities
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.016 Low
EPSS
Percentile
87.4%
A SquirrelMail Security Advisory reports:
Several cross site scripting (XSS) vulnerabilities have been
discovered in SquirrelMail versions 1.4.0 - 1.4.4.
The vulnerabilities are in two categories: the majority can be
exploited through URL manipulation, and some by sending a specially
crafted email to a victim. When done very carefully,
this can cause the session of the user to be hijacked.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | squirrelmail | = 1.4.0 | UNKNOWN |
| FreeBSD | any | noarch | squirrelmail | <= 1.4.4 | UNKNOWN |
| FreeBSD | any | noarch | ja-squirrelmail | = 1.4.0 | UNKNOWN |
| FreeBSD | any | noarch | ja-squirrelmail | <= 1.4.4 | UNKNOWN |
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.016 Low
EPSS
Percentile
87.4%