2 matches found
CVE-2019-12970
CVE-2019-12970 is a disclosed XSS in SquirrelMail prior to updates addressing versions up to 1.4.22 and 1.5.x through 1.5.2. Root cause: improper handling of RCDATA/RAWTEXT in the sanitization mechanism allows bypass, enabling malicious script injection from HTML e-mails when assets such as NOEMB...
SquirrelMail 1.4.22 Cross Site Scripting
Advisory ID: SYSS-2019-016 Product: SquirrelMail Manufacturer: The SquirrelMail Project Affected Versions: 1.4.22, SVN Tested Versions: SVN Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Open Manufacturer Notification: 2019-04-17 Solution Date: N/A Public...