Vulnerability Name: | CVE-2004-0639 (CCN-16285)
Assigned: | 2004-05-30
Published: | 2004-05-30
Updated: | 2017-07-11
Summary: | Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Obtain Information
References:
Source: CCN Type: BugTraq Mailing List, Thu Jun 03 2004 - 07:43:27 CDT [openwebmail] Fw: Re: XSS bug.
Source: CONFIRM Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=257973
Source: MITRE Type: CNA CVE-2004-0520
Source: MITRE Type: CNA CVE-2004-0639
Source: CONECTIVA Type: UNKNOWN CLA-2004:858
Source: CCN Type: Conectiva Linux Announcement CLSA-2004:858 Several vulnerabilities in SquirrelMail
Source: CCN Type: IlohaMail Web site IlohaMail
Source: BUGTRAQ Type: UNKNOWN 20040530 RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability
Source: CCN Type: Open WebMail Web site Index of /openwebmail/download
Source: CCN Type: RHSA-2004-240 squirrelmail security update
Source: DEBIAN Type: Patch, Vendor Advisory DSA-535
Source: DEBIAN Type: DSA-535 squirrelmail -- several vulnerabilities
Source: CCN Type: GLSA-200406-08 Squirrelmail: Another XSS vulnerability
Source: CCN Type: OSVDB ID: 51270 IlohaMail Email Header XSS
Source: CCN Type: OSVDB ID: 54626 Open WebMail (OWM) E-mail Multiple Content Header XSS
Source: CCN Type: OSVDB ID: 8291 SquirrelMail read_body.php Multiple Parameter XSS
Source: CCN Type: OSVDB ID: 8292 SquirrelMail mailbox_display.php Multiple Parameter XSS
Source: CCN Type: RS-Labs Security Advisory RS-2004-1 SquirrelMail "Content-Type" XSS vulnerability
Source: MISC Type: Vendor Advisory http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
Source: CCN Type: BID-10439 SquirrelMail Email Header HTML Injection Vulnerability
Source: BID Type: Exploit, Patch 10450
Source: CCN Type: BID-10450 SquirrelMail From Email Header HTML Injection Vulnerability
Source: CCN Type: BID-10667 Open WebMail Email Header HTML Injection Vulnerability
Source: CCN Type: BID-10668 IlohaMail Email Header HTML Injection Vulnerability
Source: CCN Type: SquirrelMail Web site SquirrelMail - Webmail for Nuts!
Source: XF Type: UNKNOWN squirrelmail-from-header-xss(16285)
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable