6.8

CVE-2004-0520

Exploit
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Open WebmailOpen Webmail Version2.30
Open WebmailOpen Webmail Version2.31
Open WebmailOpen Webmail Version2.32
SgiPropack Version3.0
SquirrelmailSquirrelmail Version1.2.0
SquirrelmailSquirrelmail Version1.2.1
SquirrelmailSquirrelmail Version1.2.2
SquirrelmailSquirrelmail Version1.2.3
SquirrelmailSquirrelmail Version1.2.4
SquirrelmailSquirrelmail Version1.2.5
SquirrelmailSquirrelmail Version1.2.6
SquirrelmailSquirrelmail Version1.2.7
SquirrelmailSquirrelmail Version1.2.8
SquirrelmailSquirrelmail Version1.2.9
SquirrelmailSquirrelmail Version1.2.10
SquirrelmailSquirrelmail Version1.2.11
SquirrelmailSquirrelmail Version1.4
SquirrelmailSquirrelmail Version1.4.1
SquirrelmailSquirrelmail Version1.4.2
SquirrelmailSquirrelmail Version1.4.3_rc1
SquirrelmailSquirrelmail Version1.5_dev
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.13% 0.934
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
Patch
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
http://marc.info/?l=bugtraq&m=108611554415078&w=2
http://www.debian.org/security/2004/dsa-535
Patch
Vendor Advisory
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2004-240.html
Patch
Vendor Advisory
http://secunia.com/advisories/11870
Patch
Vendor Advisory
http://secunia.com/advisories/12289
Patch
Vendor Advisory
http://www.securityfocus.com/advisories/6827
Patch
Vendor Advisory
https://bugzilla.fedora.us/show_bug.cgi?id=1733
Patch
http://marc.info/?l=squirrelmail-cvs&m=108532891231712
http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml
Vendor Advisory
http://www.securityfocus.com/bid/10439
Patch
Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766