CVE-2007-1262

2007-05-1104:20:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.009

Percentile

82.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.

Affected configurations

Nvd

Node

squirrelmailsquirrelmailMatch1.4.0

squirrelmailsquirrelmailMatch1.4.1

squirrelmailsquirrelmailMatch1.4.2

squirrelmailsquirrelmailMatch1.4.3

squirrelmailsquirrelmailMatch1.4.3_r3

squirrelmailsquirrelmailMatch1.4.3_rc1

squirrelmailsquirrelmailMatch1.4.3a

squirrelmailsquirrelmailMatch1.4.3aa

squirrelmailsquirrelmailMatch1.4.4

squirrelmailsquirrelmailMatch1.4.4_rc1

squirrelmailsquirrelmailMatch1.4.5

squirrelmailsquirrelmailMatch1.4.6

squirrelmailsquirrelmailMatch1.4.6_cvs

squirrelmailsquirrelmailMatch1.4.6_rc1

squirrelmailsquirrelmailMatch1.4.7

squirrelmailsquirrelmailMatch1.4.8

squirrelmailsquirrelmailMatch1.4.9

squirrelmailsquirrelmailMatch1.4.9a

VendorProductVersionCPE
squirrelmailsquirrelmail1.4.0cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.1cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.2cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.3cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.3_r3cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.3_rc1cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.3acpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.3aacpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.4cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.4_rc1cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
squirrelmail	squirrelmail	1.4.0	cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:::::::*
squirrelmail	squirrelmail	1.4.1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:::::::*
squirrelmail	squirrelmail	1.4.2	cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:::::::*
squirrelmail	squirrelmail	1.4.3	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:::::::*
squirrelmail	squirrelmail	1.4.3_r3	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:::::::*
squirrelmail	squirrelmail	1.4.3_rc1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:::::::*
squirrelmail	squirrelmail	1.4.3a	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:::::::*
squirrelmail	squirrelmail	1.4.3aa	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:::::::*
squirrelmail	squirrelmail	1.4.4	cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:::::::*
squirrelmail	squirrelmail	1.4.4_rc1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:::::::*