6.8

CVE-2006-6142

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SquirrelmailSquirrelmail Version1.4
SquirrelmailSquirrelmail Version1.4.1
SquirrelmailSquirrelmail Version1.4.2
SquirrelmailSquirrelmail Version1.4.3
SquirrelmailSquirrelmail Version1.4.3_r3
SquirrelmailSquirrelmail Version1.4.3_rc1
SquirrelmailSquirrelmail Version1.4.3aa
SquirrelmailSquirrelmail Version1.4.4
SquirrelmailSquirrelmail Version1.4.4_rc1
SquirrelmailSquirrelmail Version1.4.5
SquirrelmailSquirrelmail Version1.4.6
SquirrelmailSquirrelmail Version1.4.6_cvs
SquirrelmailSquirrelmail Version1.4.6_rc1
SquirrelmailSquirrelmail Version1.4.7
SquirrelmailSquirrelmail Version1.4_rc1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.99% 0.782
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/26235
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://secunia.com/advisories/24284
http://www.novell.com/linux/security/advisories/2007_4_sr.html
http://secunia.com/advisories/23409
http://www.novell.com/linux/security/advisories/2006_29_sr.html
http://fedoranews.org/cms/node/2438
http://fedoranews.org/cms/node/2439
http://secunia.com/advisories/23195
http://secunia.com/advisories/23322
http://secunia.com/advisories/23504
http://secunia.com/advisories/23811
http://secunia.com/advisories/24004
http://securitytracker.com/id?1017327
http://sourceforge.net/project/shownotes.php?release_id=468482
http://squirrelmail.org/security/issue/2006-12-02
http://www.debian.org/security/2006/dsa-1241
http://www.mandriva.com/security/advisories?name=MDKSA-2006:226
http://www.redhat.com/support/errata/RHSA-2007-0022.html
http://www.securityfocus.com/bid/21414
http://www.vupen.com/english/advisories/2006/4828
https://exchange.xforce.ibmcloud.com/vulnerabilities/30693
https://exchange.xforce.ibmcloud.com/vulnerabilities/30694
https://exchange.xforce.ibmcloud.com/vulnerabilities/30695
https://issues.rpath.com/browse/RPL-849
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988