Lucene search
K

1281 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-30090

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are...

7.2CVSS5.3AI score0.0025EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2020-14932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...

9.8CVSS8.2AI score0.01431EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.6 views

VulnCheck KEV: CVE-2002-1131

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via 1 addressbook.php, 2 options.php, 3 search.php, or 4 help.php...

7.5CVSS5.9AI score0.25754EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:50 a.m.6 views

CVE-2012-5623

Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords...

7.5CVSS7AI score0.00674EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:11 a.m.14 views

CVE-2012-0323

Cross-site scripting XSS vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.01443EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/04/15 12:0 a.m.27 views

SquirrelMail <= 1.4.23, 1.5.x <= 1.5.2 XSS Vulnerability

SquirrelMail is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.2CVSS6.3AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/04 12:33 a.m.25 views

CVE-2025-30090

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true...

7.2CVSS6AI score0.0025EPSS
Exploits0References1
NVD
NVD
added 2025/04/02 1:15 p.m.27 views

CVE-2025-30090

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true...

7.2CVSS0.0025EPSS
Exploits0References2
OSV
OSV
added 2025/04/02 1:15 p.m.1 views

UBUNTU-CVE-2025-30090

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true...

7.2CVSS5.7AI score0.0025EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/02 12:0 a.m.4 views

SquirrelMail 跨站脚本漏洞

SquirrelMail is a cross-platform Webmail mail system developed by SquirrelMail using the PHP language. A security vulnerability exists in SquirrelMail versions 1.4.23-svn-20250401 and earlier and 1.5.2-svn-20250401 and earlier versions 1.5.x, which stems from improper handling of email headers an...

7.2CVSS6AI score0.0025EPSS
Exploits0References3
CVE
CVE
added 2025/04/02 12:0 a.m.58 views

CVE-2025-30090

CVE-2025-30090 affects SquirrelMail mime.php in versions up to 1.4.23-svn-20250401 and 1.5.x up to 1.5.2-svn-20250401, enabling cross-site scripting via email headers after $encoded is set to true. The provided documents describe the vulnerable component and the weak handling in headers, with no ...

7.2CVSS6AI score0.0025EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/02 12:0 a.m.29 views

CVE-2025-30090

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true...

7.2CVSS0.0025EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2018-8741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate or potentially delete files from the hosting server, related to...

8.8CVSS7.3AI score0.04451EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2018-14955

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations animate to attribute. CVE-2018-14955 Note that Nessus relies on the...

6.1CVSS6.8AI score0.01426EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-14951

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mail message display page in SquirrelMail through 1.4.22 has XSS via a form action='data:text attack. CVE-2018-14951 Note that Nessus relies on the presence...

6.1CVSS6.8AI score0.01426EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2017-7692

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a...

9CVSS7.7AI score0.32156EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2018-14954

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. CVE-2018-14954 Note that Nessus relies on the presence of the...

6.1CVSS6.8AI score0.01647EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-14953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mail message display page in SquirrelMail through 1.4.22 has XSS via a math xlink:href= attack. CVE-2018-14953 Note that Nessus relies on the presence of th...

6.1CVSS6.8AI score0.01426EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-14952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mail message display page in SquirrelMail through 1.4.22 has XSS via a maction xlink:href= attack. CVE-2018-14952 Note that Nessus relies on the presence of...

6.1CVSS6.8AI score0.01426EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2012-2124

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - functions/imapgeneral.php in SquirrelMail, as used in Red Hat Enterprise Linux RHEL 4 and 5, does not properly handle 8-bit characters in passwords, which allow...

5CVSS6.7AI score0.02451EPSS
Exploits0References2
Rows per page
Query Builder