Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-191
HistoryNov 07, 2002 - 12:00 a.m.

squirrelmail - cross site scripting

2002-11-0700:00:00
Google
osv.dev
6

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Several cross site scripting vulnerabilities have been found in
squirrelmail, a feature-rich webmail package written in PHP4. The
Common Vulnerabilities and Exposures (CVE) project identified the
following vulnerabilities:

  1. CAN-2002-1131: User input is not always sanitized so execution of
    arbitrary code on a client computer is possible. This can happen
    after following a malicious URL or by viewing a malicious
    addressbook entry.
  2. CAN-2002-1132: Another problem could make it possible for an
    attacker to gain sensitive information under some conditions.
    When a malformed argument is appended to a link, an error page
    will be generated which contains the absolute pathname of the
    script. However, this information is available through the
    Contents file of the distribution anyway.

These problems have been fixed in version 1.2.6-1.1 for the current stable
distribution (woody) and in version 1.2.8-1.1 for the unstable
distribution (sid). The old stable distribution (potato) is not
affected since it doesn’t contain a squirrelmail package.

We recommend that you upgrade your squirrelmail package.

Related

nessus 2
openvas 5
debian 4
cve 3
nuclei 1
nessus
nessus
Debian DSA-191-1 : squirrelmail - XSS
2004-09-29 00:00:00
SquirrelMail 1.2.9 / 1.2.10 read_body.php Multiple Parameter XSS
2003-03-19 00:00:00
openvas
openvas
Debian Security Advisory DSA 191-1 (squirrelmail)
2008-01-17 00:00:00
Debian Security Advisory DSA 191-1 (squirrelmail)
2008-01-17 00:00:00
Debian Security Advisory DSA 191-2 (squirrelmail)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 191-2] New squirrelmail packages fix problem in options page
2002-11-11 09:02:15
[SECURITY] [DSA 191-1] New squirrelmail packages fix cross site scripting bugs
2002-11-07 16:54:55
[SECURITY] [DSA 191-1] New squirrelmail packages fix cross site scripting bugs
2002-11-07 16:54:55
cve
cve
CVE-2002-1276
2002-11-29 05:00:00
CVE-2002-1131
2002-10-04 04:00:00
CVE-2002-1132
2002-10-04 04:00:00
nuclei
nuclei
SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting
2021-11-15 18:09:04

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for OSV:DSA-191
nessus2openvas5debian4cve3nuclei1