ID: OSV:DSA-220 (Google OSV)
Jan 02, 2003 - 12:00 a.m.

squirrelmail - cross site scripting

2003-01-02 00:00:00
Google
osv.dev
EPSS: 0.009 (percentile: 83.1%)

A cross-site scripting vulnerability has been discovered in
squirrelmail, a feature-rich webmail package written in PHP4.
Squirrelmail doesn’t sanitize user-provided variables in all places,
leaving it vulnerable to a cross-site scripting attack.

For the current stable distribution (woody) this problem has been
fixed in version 1.2.6-1.3. The old stable distribution (potato) is
not affected since it doesn’t contain a squirrelmail package.

An updated package for the unstable distribution (sid) is
expected soon.

We recommend that you upgrade your squirrelmail package.
