Vulnerability Name: CVE-2007-1262 (CCN-34815)
Assigned: 2007-05-09
Published: 2007-05-09
Updated: 2017-10-11
Summary: Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.
CVSS v3 Severity: 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
    3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
    3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
    Source: CCN Type: BugTraq Mailing List, Thu May 10 2007 - 07:02:20 CDT squirrelmail CSRF vulnerability
    Source: MITRE Type: CNA CVE-2007-1262
    Source: CCN Type: Apple Security Update 2007-007 About Security Update 2007-007
    Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=306172
    Source: CCN Type: Apple Web site Apple security updates
    Source: JVN Type: UNKNOWN JVN#09157962
    Source: JVNDB Type: UNKNOWN JVNDB-2007-000398
    Source: APPLE Type: UNKNOWN APPLE-SA-2007-07-31
    Source: OSVDB Type: UNKNOWN 35887
    Source: OSVDB Type: UNKNOWN 35888
    Source: CCN Type: RHSA-2007-0358 Moderate: squirrelmail security update
    Source: CCN Type: SA25200 SquirrelMail Cross-Site Scripting and Request Forgery Vulnerabilities
    Source: SECUNIA Type: Patch, Vendor Advisory 25200
    Source: SECUNIA Type: UNKNOWN 25236
    Source: SECUNIA Type: UNKNOWN 25320
    Source: SECUNIA Type: UNKNOWN 25690
    Source: SECUNIA Type: UNKNOWN 25787
    Source: CCN Type: SA26235 Mac OS X Security Update Fixes Multiple Vulnerabilities
    Source: SECUNIA Type: UNKNOWN 26235
    Source: CCN Type: SECTRACK ID: 1018033 SquirrelMail Input Validation Holes in HTML Filter Permit Cross-Site Scripting Attacks
    Source: CCN Type: SourceForge.net SquirrelMail
    Source: CCN Type: ASA-2007-262 squirrelmail security update (RHSA-2007-0358)
    Source: DEBIAN Type: UNKNOWN DSA-1290
    Source: DEBIAN Type: DSA-1290 squirrelmail -- missing input sanitising
    Source: MANDRIVA Type: UNKNOWN MDKSA-2007:106
    Source: SUSE Type: UNKNOWN SUSE-SR:2007:013
    Source: CCN Type: OSVDB ID: 35887 SquirrelMail HTML E-mail Attachment Data URI XSS
    Source: CCN Type: OSVDB ID: 35888 SquirrelMail with MSIE Unspecified Non-ASCII Character Set XSS
    Source: BID Type: UNKNOWN 23910
    Source: CCN Type: BID-23910 SquirrelMail Multiple Cross Site Scripting Vulnerabilities
    Source: BID Type: UNKNOWN 25159
    Source: CCN Type: BID-25159 Apple Mac OS X 2007-007 Multiple Security Vulnerabilities
    Source: SECTRACK Type: UNKNOWN 1018033
    Source: CCN Type: SquirrelMail Security Advisory 2007-05-09 Cross site scripting in HTML filter
    Source: CONFIRM Type: UNKNOWN http://www.squirrelmail.org/security/issue/2007-05-09
    Source: VUPEN Type: UNKNOWN ADV-2007-1748
    Source: VUPEN Type: UNKNOWN ADV-2007-2732
    Source: XF Type: UNKNOWN squirrelmail-multiple-xss(34815)
    Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-1353
    Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11712
    Source: REDHAT Type: UNKNOWN RHSA-2007:0358
    Source: SUSE Type: SUSE-SR:2007:013 SUSE Security Summary Report
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: