Lucene search
K

10 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.2 views

SUSE CVE-2006-0195

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting XSS attacks via style sheet specifiers with invalid 1 "/" and "/" comments, or 2 a newline in a "url" specifier, which is processed by certain web browsers...

4.3CVSS6.2AI score0.02034EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.4 views

SUSE CVE-2006-6142

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the 1 mailto parameter in a webmail.php, the 2 session and 3 deletedraft parameters in b compose.php, and 4 unspecified vectors involving "a...

6.8CVSS6AI score0.01986EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2007/01/31 5:13 p.m.5 views

Three XSS issues in SquirrelMail

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the 1 mailto parameter in a webmail.php, the 2 session and 3 deletedraft parameters in b compose.php, and 4 unspecified vectors involving "a...

6.8CVSS5.8AI score0.01986EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2006/12/30 12:0 a.m.34 views

Debian DSA-1241-1 : squirrelmail - XSS

Martijn Brinkers discovered cross-site scripting vulnerabilities in the mailto parameter of webmail.php, the session and deletedraft parameters of compose.php and through a shortcoming in the magicHTML filter. An attacker could abuse these to execute malicious JavaScript in the user's webmail...

6.8CVSS5.3AI score0.01986EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2006/12/05 11:28 a.m.30 views

CVE-2006-6142

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the 1 mailto parameter in a webmail.php, the 2 session and 3 deletedraft parameters in b compose.php, and 4 unspecified vectors involving "a...

6.8CVSS6AI score0.01986EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2006/05/03 4:9 p.m.4 views

security flaw

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting XSS attacks via style sheet specifiers with invalid 1 "/" and "/" comments, or 2 a newline in a "url" specifier, which is processed by certain web browsers...

4.3CVSS5.7AI score0.02034EPSS
Exploits0References4
Gentoo Linux
Gentoo Linux
added 2006/03/12 12:0 a.m.38 views

SquirrelMail: Cross-site scripting and IMAP command injection

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description SquirrelMail does not validate the rightframe parameter in webmail.php, possibly allowing frame replacement or cross-site scripting CVE-2006-0188. Martijn Brinkers and Scott Hughes...

5CVSS7.1AI score0.02296EPSS
Exploits1
NVD
NVD
added 2006/02/24 12:2 a.m.14 views

CVE-2006-0195

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting XSS attacks via style sheet specifiers with invalid 1 "/" and "/" comments, or 2 a newline in a "url" specifier, which is processed by certain web browsers...

4.3CVSS5.6AI score0.02034EPSS
Exploits0References20
Prion
Prion
added 2006/02/24 12:2 a.m.25 views

Cross site scripting

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting XSS attacks via style sheet specifiers with invalid 1 "/" and "/" comments, or 2 a newline in a "url" specifier, which is processed by certain web browsers...

4.3CVSS5.7AI score0.02034EPSS
Exploits0References20Affected Software1
CVE
CVE
added 2006/02/24 12:0 a.m.108 views

CVE-2006-0195

CVE-2006-0195 affects SquirrelMail 1.4.0–1.4.5 and is caused by an interpretation conflict in the MagicHTML filter, enabling remote XSS via style sheet specifiers with invalid /* */ comments or a newline in the url specifier. Public advisories and OpenVAS entries reference related fixes; Debian/C...

4.3CVSS5.5AI score0.02034EPSS
Exploits0References20Affected Software1
Rows per page
Query Builder