Squirrelmail Security Vulnerabilities and Issues — Squirrelmail CVE List

Lucene search

SquirrelmailSquirrelmail

7 matches found

CVE•added 2018/03/17 2:29 p.m.•73 views

CVE-2018-8741

A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.

8.8CVSS8.3AI score0.01828EPSS

CVE•added 2018/08/05 6:29 p.m.•56 views

CVE-2018-14955

The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).

6.1CVSS5.9AI score0.00533EPSS

CVE•added 2018/08/05 6:29 p.m.•55 views

CVE-2018-14950

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<a xlink:href=" attack.

6.1CVSS5.9AI score0.00493EPSS

CVE•added 2018/08/05 6:29 p.m.•53 views

CVE-2018-14953

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.

6.1CVSS5.9AI score0.00493EPSS

CVE•added 2018/08/05 6:29 p.m.•52 views

CVE-2018-14951

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.

6.1CVSS5.9AI score0.00533EPSS

CVE•added 2018/08/05 6:29 p.m.•48 views

CVE-2018-14954

The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.

6.1CVSS6AI score0.00533EPSS

CVE•added 2018/08/05 6:29 p.m.•47 views

CVE-2018-14952

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<maction xlink:href=" attack.

6.1CVSS5.9AI score0.00493EPSS