Metric | Value |
---|---|
CVSS2 | 5 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
EPSS | 0.004 Low |
EPSS Percentile | 72.0% |

SquirrelMail is a standards-based webmail package written in PHP4.

Several HTML filtering bugs were discovered in SquirrelMail. By sending an
e-mail that a user then views within SquirrelMail, an attacker could inject
arbitrary JavaScript, leading to cross-site scripting attacks.
(CVE-2007-1262)

SquirrelMail did not sufficiently check arguments to IMG tags in HTML
e-mail messages. An attacker could exploit this to send arbitrary e-mail
messages on behalf of a SquirrelMail user who was tricked into opening
a maliciously crafted HTML e-mail message. (CVE-2007-2589)

Users of SquirrelMail should upgrade to this erratum package, which
contains a backported patch to correct these issues.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 3 | noarch | squirrelmail | < 1.4.8-6.el3 | squirrelmail-1.4.8-6.el3.noarch.rpm |
RedHat | 5 | src | squirrelmail | < 1.4.8-4.0.1.el5 | squirrelmail-1.4.8-4.0.1.el5.src.rpm |
RedHat | 5 | noarch | squirrelmail | < 1.4.8-4.0.1.el5 | squirrelmail-1.4.8-4.0.1.el5.noarch.rpm |
RedHat | 4 | src | squirrelmail | < 1.4.8-4.0.1.el4 | squirrelmail-1.4.8-4.0.1.el4.src.rpm |
RedHat | 4 | noarch | squirrelmail | < 1.4.8-4.0.1.el4 | squirrelmail-1.4.8-4.0.1.el4.noarch.rpm |