Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:20730
HistoryJul 14, 2011 - 12:00 a.m.

SquirrelMail 1.x 存在多个安全漏洞

2011-07-1400:00:00
Root
www.seebug.org
21

0.004 Low

EPSS

Percentile

72.1%

JSON

CVE ID:CVE-2010-4554
CVE-2010-4555
CVE-2011-2023

SquirrelMail是一款基于PHP的WEB邮件服务程序。
SquirrelMail存在多个安全漏洞,允许恶意用户进行跨站脚本注入攻击,绕过安全限制等攻击。
1)部分传递给消息中样式标签的输入在functions/mime.php使用之前缺少过滤,可导致跨站脚本攻击。
2)部分传递给下拉选择列表的部分输入在functions/options.php使用之前缺少过滤,可导致跨站脚本攻击。
3)部分传递给SquirrelSpell拼写检查功能的部分输入和索引排序页在返回用户之前缺少过滤,可导致跨站脚本攻击。
4)应用程序存在一个跨站请求伪造攻击,构建恶意链接,诱使用户点击可获得用户密码等信息。

SquirrelMail 1.x
厂商解决方案
用户可参考如下供应商提供的安全公告获得补丁信息:
http://www.squirrelmail.org/security/issue/2011-07-10
http://www.squirrelmail.org/security/issue/2011-07-11
http://www.squirrelmail.org/security/issue/2011-07-12

Related

fedora 2
openvas 17
nessus 8
osv 1
debian 1
securityvulns 3
veracode 3
prion 5
cve 5
oraclelinux 1
ubuntucve 5
redhat 1
centos 1
fedora
fedora
[SECURITY] Fedora 14 Update: squirrelmail-1.4.22-2.fc14
2011-07-23 02:10:11
[SECURITY] Fedora 15 Update: squirrelmail-1.4.22-2.fc15
2011-07-23 01:57:40
openvas
openvas
Fedora Update for squirrelmail FEDORA-2011-9309
2011-07-27 00:00:00
Fedora Update for squirrelmail FEDORA-2011-9309
2011-07-27 00:00:00
Fedora Update for squirrelmail FEDORA-2011-9311
2011-07-27 00:00:00
nessus
nessus
Fedora 15 : squirrelmail-1.4.22-2.fc15 (2011-9311)
2011-07-25 00:00:00
Fedora 14 : squirrelmail-1.4.22-2.fc14 (2011-9309)
2011-07-25 00:00:00
Debian DSA-2291-1 : squirrelmail - various vulnerabilities
2011-08-09 00:00:00
osv
osv
squirrelmail - various issues
2011-08-08 00:00:00
debian
debian
[SECURITY] [DSA 2291-1] squirrelmail security update
2011-08-08 11:24:38
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-08-12 00:00:00
Apple OS X multiple security vulnerabilities
2012-02-03 00:00:00
APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001
2012-02-03 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 01:06:29
Authorization Bypass
2020-04-10 01:06:28
Cross-site Scripting (XSS)
2020-04-10 01:06:29
prion
prion
Cross site scripting
2011-07-14 23:55:00
Hardcoded credentials
2011-07-14 23:55:00
Cross site request forgery (csrf)
2011-07-17 20:55:00
cve
cve
CVE-2010-4555
2011-07-14 23:55:00
CVE-2010-4554
2011-07-14 23:55:00
CVE-2011-2752
2011-07-17 20:55:00
oraclelinux
oraclelinux
squirrelmail security update
2012-02-08 00:00:00
ubuntucve
ubuntucve
CVE-2010-4555
2011-07-14 00:00:00
CVE-2010-4554
2011-07-14 00:00:00
CVE-2011-2753
2011-07-17 00:00:00
redhat
redhat
(RHSA-2012:0103) Moderate: squirrelmail security update
2012-02-08 00:00:00
centos
centos
squirrelmail security update
2012-02-08 20:29:14

0.004 Low

EPSS

Percentile

72.1%

JSON
Related for SSV:20730
fedora2openvas17nessus8osv1debian1securityvulns3veracode3prion5cve5oraclelinux1ubuntucve5redhat1centos1