Lucene search

K

Veracode Vulnerability DatabaseVERACODE:28571

HistoryDec 11, 2020 - 9:26 a.m.

Cross-Site Scripting (XSS)

2020-12-1109:26:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

squirrelmail

xss

vulnerability

html e-mail

handling

application context

EPSS

0.01

Percentile

83.8%

SquirrelMail is vulnerable to cross-site scripting. The vulnerability is possible through bypassing the buit-in sanitization due to improper handling of RCDATA and RAWTEXT type elements. An attacker may execute malicious script content from HTML e-mail within the application context.

References

packetstormsecurity.com/files/153495/SquirrelMail-1.4.22-Cross-Site-Scripting.html

git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2019-12970

lists.debian.org/debian-lts-announce/2019/08/msg00000.html

seclists.org/bugtraq/2019/Jul/0

seclists.org/bugtraq/2019/Jul/50

www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt

EPSS

0.01

Percentile

83.8%

Related for VERACODE:28571

osv2 cvelist1 openvas3 redhatcve1 nessus3 mageia1 nvd1 prion1 cve1 ubuntucve1 debian1 ubuntu1 packetstorm1