Vulnerability Name: | CVE-2002-2086 (CCN-9009) | ||||||||
Assigned: | 2002-04-29 | ||||||||
Published: | 2002-04-29 | ||||||||
Updated: | 2017-07-11 | ||||||||
Summary: | Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag. | ||||||||
CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Obtain Information | ||||||||
References: | Source: MITRE Type: CNA CVE-2002-2086 Source: CCN Type: SquirrelMail Bug Tracker Bug #544658 Cross-site scripting vulnerability Source: CONFIRM Type: Vendor Advisory http://sourceforge.net/tracker/index.php?func=detail&aid=544658&group_id=311&atid=100311 Source: CONFIRM Type: Exploit, Vendor Advisory http://sourceforge.net/tracker/index.php?func=detail&aid=545933&group_id=311&atid=100311 Source: CCN Type: OSVDB ID: 59456 SquirrelMail HTML File Attachment Handling XSS Source: CCN Type: OSVDB ID: 59457 SquirrelMail Message Header Field HTML Tag XSS Source: BID Type: Patch 4666 Source: CCN Type: BID-4666 SquirrelMail HTML Attachment Script Injection Vulnerability Source: BID Type: Patch 4667 Source: CCN Type: BID-4667 SquirrelMail Message Header Field Script Injection Vulnerability Source: CCN Type: SquirrelMail Web site SquirrelMail - Webmail for Nuts! Source: CCN Type: SquirrelMail ChangeLog - Squirrelmail Stable Series 1.2 Version 1.2.6 -- April 29 2002 Source: CONFIRM Type: UNKNOWN http://www.squirrelmail.org/changelog.php Source: XF Type: UNKNOWN squirrelmail-header-xss(9008) Source: XF Type: UNKNOWN squirrelmail-html-attachment-xss(9009) Source: XF Type: UNKNOWN squirrelmail-html-attachment-xss(9009) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |