6.8

CVE-2004-1036

Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SquirrelmailSquirrelmail Version1.0.4
SquirrelmailSquirrelmail Version1.0.5
SquirrelmailSquirrelmail Version1.2
SquirrelmailSquirrelmail Version1.2.1
SquirrelmailSquirrelmail Version1.2.2
SquirrelmailSquirrelmail Version1.2.3
SquirrelmailSquirrelmail Version1.2.4
SquirrelmailSquirrelmail Version1.2.5
SquirrelmailSquirrelmail Version1.2.6
SquirrelmailSquirrelmail Version1.2.7
SquirrelmailSquirrelmail Version1.2.8
SquirrelmailSquirrelmail Version1.2.9
SquirrelmailSquirrelmail Version1.2.10
SquirrelmailSquirrelmail Version1.2.11
SquirrelmailSquirrelmail Version1.4
SquirrelmailSquirrelmail Version1.4.1
SquirrelmailSquirrelmail Version1.4.2
SquirrelmailSquirrelmail Version1.4.3
SquirrelmailSquirrelmail Version1.4.3_rc1
SquirrelmailSquirrelmail Version1.4.3a
SquirrelmailSquirrelmail Version1.5_dev
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.82% 0.847
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Vendor Advisory
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
Vendor Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000905
http://marc.info/?l=bugtraq&m=110012133608004&w=2
http://voxel.dl.sourceforge.net/sourceforge/squirrelmail/sm143a-xss.diff
http://www.gentoo.org/security/en/glsa/glsa-200411-25.xml
Patch
Vendor Advisory
http://www.squirrelmail.org/
https://exchange.xforce.ibmcloud.com/vulnerabilities/18031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9592