1281 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-30090
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are...
Linux Distros Unpatched Vulnerability : CVE-2020-14932
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...
VulnCheck KEV: CVE-2002-1131
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via 1 addressbook.php, 2 options.php, 3 search.php, or 4 help.php...
CVE-2012-5623
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords...
CVE-2012-0323
Cross-site scripting XSS vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
SquirrelMail <= 1.4.23, 1.5.x <= 1.5.2 XSS Vulnerability
SquirrelMail is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-30090
mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true...
CVE-2025-30090
mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true...
UBUNTU-CVE-2025-30090
mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true...
SquirrelMail 跨站脚本漏洞
SquirrelMail is a cross-platform Webmail mail system developed by SquirrelMail using the PHP language. A security vulnerability exists in SquirrelMail versions 1.4.23-svn-20250401 and earlier and 1.5.2-svn-20250401 and earlier versions 1.5.x, which stems from improper handling of email headers an...
CVE-2025-30090
CVE-2025-30090 affects SquirrelMail mime.php in versions up to 1.4.23-svn-20250401 and 1.5.x up to 1.5.2-svn-20250401, enabling cross-site scripting via email headers after $encoded is set to true. The provided documents describe the vulnerable component and the weak handling in headers, with no ...
CVE-2025-30090
mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true...
Linux Distros Unpatched Vulnerability : CVE-2018-8741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate or potentially delete files from the hosting server, related to...
Linux Distros Unpatched Vulnerability : CVE-2018-14955
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations animate to attribute. CVE-2018-14955 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2018-14951
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mail message display page in SquirrelMail through 1.4.22 has XSS via a form action='data:text attack. CVE-2018-14951 Note that Nessus relies on the presence...
Linux Distros Unpatched Vulnerability : CVE-2017-7692
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a...
Linux Distros Unpatched Vulnerability : CVE-2018-14954
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. CVE-2018-14954 Note that Nessus relies on the presence of the...
Linux Distros Unpatched Vulnerability : CVE-2018-14953
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mail message display page in SquirrelMail through 1.4.22 has XSS via a math xlink:href= attack. CVE-2018-14953 Note that Nessus relies on the presence of th...
Linux Distros Unpatched Vulnerability : CVE-2018-14952
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mail message display page in SquirrelMail through 1.4.22 has XSS via a maction xlink:href= attack. CVE-2018-14952 Note that Nessus relies on the presence of...
Linux Distros Unpatched Vulnerability : CVE-2012-2124
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - functions/imapgeneral.php in SquirrelMail, as used in Red Hat Enterprise Linux RHEL 4 and 5, does not properly handle 8-bit characters in passwords, which allow...