6.8
CVE-2006-6142
- EPSS 1.99%
- Veröffentlicht 05.12.2006 11:28:00
- Zuletzt bearbeitet 16.06.2026 22:32:33
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squirrelmail ≫ Squirrelmail Version1.4
Squirrelmail ≫ Squirrelmail Version1.4.1
Squirrelmail ≫ Squirrelmail Version1.4.2
Squirrelmail ≫ Squirrelmail Version1.4.3
Squirrelmail ≫ Squirrelmail Version1.4.3_r3
Squirrelmail ≫ Squirrelmail Version1.4.3_rc1
Squirrelmail ≫ Squirrelmail Version1.4.3aa
Squirrelmail ≫ Squirrelmail Version1.4.4
Squirrelmail ≫ Squirrelmail Version1.4.4_rc1
Squirrelmail ≫ Squirrelmail Version1.4.5
Squirrelmail ≫ Squirrelmail Version1.4.6
Squirrelmail ≫ Squirrelmail Version1.4.6_cvs
Squirrelmail ≫ Squirrelmail Version1.4.6_rc1
Squirrelmail ≫ Squirrelmail Version1.4.7
Squirrelmail ≫ Squirrelmail Version1.4_rc1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.99% | 0.782 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/26235
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://secunia.com/advisories/24284
http://www.novell.com/linux/security/advisories/2007_4_sr.html
http://secunia.com/advisories/23409
http://www.novell.com/linux/security/advisories/2006_29_sr.html
http://fedoranews.org/cms/node/2438
http://fedoranews.org/cms/node/2439
http://secunia.com/advisories/23195
http://secunia.com/advisories/23322
http://secunia.com/advisories/23504
http://secunia.com/advisories/23811
http://secunia.com/advisories/24004
http://securitytracker.com/id?1017327
http://sourceforge.net/project/shownotes.php?release_id=468482
http://squirrelmail.org/security/issue/2006-12-02
http://www.debian.org/security/2006/dsa-1241
http://www.mandriva.com/security/advisories?name=MDKSA-2006:226
http://www.redhat.com/support/errata/RHSA-2007-0022.html
http://www.securityfocus.com/bid/21414
http://www.vupen.com/english/advisories/2006/4828
https://exchange.xforce.ibmcloud.com/vulnerabilities/30693
https://exchange.xforce.ibmcloud.com/vulnerabilities/30694
https://exchange.xforce.ibmcloud.com/vulnerabilities/30695
https://issues.rpath.com/browse/RPL-849
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988