6.8

CVE-2006-6142

EPSS 5.24%
Veröffentlicht 05.12.2006 11:28:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 33

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Squirrelmail ≫ Squirrelmail Version1.4

Squirrelmail ≫ Squirrelmail Version1.4.1

Squirrelmail ≫ Squirrelmail Version1.4.2

Squirrelmail ≫ Squirrelmail Version1.4.3

Squirrelmail ≫ Squirrelmail Version1.4.3_r3

Squirrelmail ≫ Squirrelmail Version1.4.3_rc1

Squirrelmail ≫ Squirrelmail Version1.4.3aa

Squirrelmail ≫ Squirrelmail Version1.4.4

Squirrelmail ≫ Squirrelmail Version1.4.4_rc1

Squirrelmail ≫ Squirrelmail Version1.4.5

Squirrelmail ≫ Squirrelmail Version1.4.6

Squirrelmail ≫ Squirrelmail Version1.4.6_cvs

Squirrelmail ≫ Squirrelmail Version1.4.6_rc1

Squirrelmail ≫ Squirrelmail Version1.4.7

Squirrelmail ≫ Squirrelmail Version1.4_rc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.24%	0.896

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://docs.info.apple.com/article.html?artnum=306172

http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

http://secunia.com/advisories/26235

http://www.securityfocus.com/bid/25159

http://www.vupen.com/english/advisories/2007/2732

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc

http://secunia.com/advisories/24284

http://www.novell.com/linux/security/advisories/2007_4_sr.html

http://secunia.com/advisories/23409

http://www.novell.com/linux/security/advisories/2006_29_sr.html

http://fedoranews.org/cms/node/2438

http://fedoranews.org/cms/node/2439

http://secunia.com/advisories/23195

http://secunia.com/advisories/23322

http://secunia.com/advisories/23504

http://secunia.com/advisories/23811

http://secunia.com/advisories/24004

http://securitytracker.com/id?1017327

http://sourceforge.net/project/shownotes.php?release_id=468482

http://squirrelmail.org/security/issue/2006-12-02

http://www.debian.org/security/2006/dsa-1241

http://www.mandriva.com/security/advisories?name=MDKSA-2006:226

http://www.redhat.com/support/errata/RHSA-2007-0022.html

http://www.securityfocus.com/bid/21414

http://www.vupen.com/english/advisories/2006/4828

https://exchange.xforce.ibmcloud.com/vulnerabilities/30693

https://exchange.xforce.ibmcloud.com/vulnerabilities/30694

https://exchange.xforce.ibmcloud.com/vulnerabilities/30695

https://issues.rpath.com/browse/RPL-849

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988

https://nvd.nist.gov/vuln/detail/CVE-2006-6142

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-6142

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-6142

EUVD