6.8

CVE-2004-0519

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SgiPropack Version3.0
SquirrelmailSquirrelmail Version1.0.4
SquirrelmailSquirrelmail Version1.0.5
SquirrelmailSquirrelmail Version1.2.0
SquirrelmailSquirrelmail Version1.2.1
SquirrelmailSquirrelmail Version1.2.2
SquirrelmailSquirrelmail Version1.2.3
SquirrelmailSquirrelmail Version1.2.4
SquirrelmailSquirrelmail Version1.2.5
SquirrelmailSquirrelmail Version1.2.6
SquirrelmailSquirrelmail Version1.2.7
SquirrelmailSquirrelmail Version1.2.8
SquirrelmailSquirrelmail Version1.2.9
SquirrelmailSquirrelmail Version1.2.10
SquirrelmailSquirrelmail Version1.2.11
SquirrelmailSquirrelmail Version1.4
SquirrelmailSquirrelmail Version1.4.1
SquirrelmailSquirrelmail Version1.4.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 22.53% 0.974
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
Patch
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
http://www.debian.org/security/2004/dsa-535
Patch
Vendor Advisory
http://marc.info/?l=bugtraq&m=108334862800260
http://rhn.redhat.com/errata/RHSA-2004-240.html
Patch
Vendor Advisory
http://secunia.com/advisories/11531
Patch
Vendor Advisory
http://secunia.com/advisories/11686
Patch
Vendor Advisory
http://secunia.com/advisories/11870
Patch
Vendor Advisory
http://secunia.com/advisories/12289
Patch
http://security.gentoo.org/glsa/glsa-200405-16.xml
Vendor Advisory
http://www.novell.com/linux/security/advisories/2005_19_sr.html
Vendor Advisory
http://www.securityfocus.com/advisories/6827
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/361857
http://www.securityfocus.com/bid/10246
Patch
Exploit
https://bugzilla.fedora.us/show_bug.cgi?id=1733
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/16025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274