Lucene search
PRIOn knowledge basePRION:CVE-2019-12970HistoryJul 01, 2019 - 11:15 a.m.
Design/Logic Flaw
2019-07-0111:15:00
PRIOn knowledge base
www.prio-n.com
6
XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element.
| CPE | Name | Operator | Version |
|---|---|---|---|
| squirrelmail | le | 1.4.22 | |
| squirrelmail | ge | 1.5.0 | |
| squirrelmail | le | 1.5.2 |
Related
osv
osv
squirrelmail - security update
2019-08-01 00:00:00
squirrelmail vulnerability
2020-12-10 14:28:20
openvas
openvas
Ubuntu: Security Advisory (USN-4669-1)
2020-12-11 00:00:00
Mageia: Security Advisory (MGASA-2021-0010)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-1868-1)
2019-08-02 00:00:00
cvelist
cvelist
CVE-2019-12970
2019-07-01 10:32:05
debian
debian
[SECURITY] [DLA 1868-1] squirrelmail security update
2019-08-01 12:55:45
packetstorm
packetstorm
SquirrelMail 1.4.22 Cross Site Scripting
2019-07-01 00:00:00
ubuntu
ubuntu
SquirrelMail vulnerability
2020-12-10 00:00:00
redhatcve
redhatcve
CVE-2019-12970
2019-07-03 04:52:12
nvd
nvd
CVE-2019-12970
2019-07-01 11:15:09
nessus
nessus
Ubuntu 16.04 LTS : SquirrelMail vulnerability (USN-4669-1)
2020-12-10 00:00:00
Debian DLA-1868-1 : squirrelmail security update
2019-08-12 00:00:00
RHEL 5 : squirrelmail (Unpatched Vulnerability)
2024-05-11 00:00:00
mageia
mageia
Updated squirrelmail packages fix security vulnerabilities
2021-01-08 18:34:55
cve
cve
CVE-2019-12970
2019-07-01 11:15:09
ubuntucve
ubuntucve
CVE-2019-12970
2019-07-01 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-12-11 09:26:17