OSV:DSA-2291-1

squirrelmail - various issues

Published: 2011-08-08 00:00:00
Source: Google, osv.dev

CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

  Access Vector:          NETWORK
  Access Complexity:      MEDIUM
  Authentication:         NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact:       PARTIAL
  Availability Impact:    PARTIAL

EPSS: 0.01 Low (Percentile: 81.4%)

Various vulnerabilities have been found in SquirrelMail, a webmail
application. The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:

  • CVE-2010-4554
    SquirrelMail did not prevent page rendering inside a third-party
    HTML frame, which makes it easier for remote attackers to conduct
    clickjacking attacks via a crafted web site.
  • CVE-2010-4555,
    CVE-2011-2752,
    CVE-2011-2753
    Multiple small bugs in SquirrelMail allowed an attacker to inject
    malicious script into various pages or alter the contents of user
    preferences.
  • CVE-2011-2023
    It was possible to inject arbitrary web script or HTML via a
    crafted STYLE element in an HTML part of an e-mail message.

For the oldstable distribution (lenny), these problems have been fixed in
version 1.4.15-4+lenny5.

For the stable distribution (squeeze), these problems have been fixed in
version 1.4.21-2.

For the testing (wheezy) and unstable distribution (sid), these problems
have been fixed in version 1.4.22-1.

We recommend that you upgrade your squirrelmail packages.

CPE

Name          Operator  Version
squirrelmail  eq        2:1.4.21-1
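
The affected-package row above carries an epoch (`2:`) while the fixed versions in the advisory text are printed without one, so a plain version comparison reports the affected package as already fixed. The following added example (not part of the advisory or of any Debian tool) reimplements the dpkg version ordering to show the pitfall and one way around it; the function names are hypothetical, and reusing the installed package's epoch for the fixed version is an assumption.

```python
import re

# Fixed versions exactly as printed in the advisory text (no epoch shown there).
FIXED = {"lenny": "1.4.15-4+lenny5", "squeeze": "1.4.21-2",
         "wheezy": "1.4.22-1", "sid": "1.4.22-1"}

def _order(c):
    """dpkg character weight: '~' sorts lowest, letters before other symbols."""
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _key(part):
    """Alternating (non-digit run, number) tokens; a 0 terminates each run."""
    return [([_order(c) for c in text] + [0], int(num or 0))
            for text, num in re.findall(r"(\D*)(\d*)", part)]

def parse(version):
    """Return (has_epoch, comparable key) for 'epoch:upstream-revision'."""
    has_epoch, epoch = ":" in version, 0
    if has_epoch:
        head, version = version.split(":", 1)
        epoch = int(head)
    upstream, _, revision = version.rpartition("-")
    if not upstream:                      # no '-' present: revision defaults to 0
        upstream, revision = revision, "0"
    return has_epoch, (epoch, _key(upstream), _key(revision))

def naive_is_fixed(installed, release):
    """Compares the strings as given; an installed epoch beats the epoch-less fix."""
    return parse(installed)[1] >= parse(FIXED[release])[1]

def is_fixed(installed, release):
    """True if `installed` is at or above the advisory's fixed version."""
    inst_has, inst = parse(installed)
    fix_has, fix = parse(FIXED[release])
    if inst_has and not fix_has:
        # Assumption: the advisory text dropped the epoch, so reuse the installed one.
        fix = (inst[0],) + fix[1:]
    return inst >= fix

if __name__ == "__main__":
    affected = "2:1.4.21-1"               # version from the page's affected-package row
    print("naive comparison says fixed:", naive_is_fixed(affected, "squeeze"))
    print("epoch-aware says fixed:     ", is_fixed(affected, "squeeze"))
```

On a Debian host, `dpkg --compare-versions` applies the same ordering, and the epoch mismatch has to be handled there in the same way.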
