4.3

CVE-2007-1262

Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SquirrelmailSquirrelmail Version1.4.0
SquirrelmailSquirrelmail Version1.4.1
SquirrelmailSquirrelmail Version1.4.2
SquirrelmailSquirrelmail Version1.4.3
SquirrelmailSquirrelmail Version1.4.3_r3
SquirrelmailSquirrelmail Version1.4.3_rc1
SquirrelmailSquirrelmail Version1.4.3a
SquirrelmailSquirrelmail Version1.4.3aa
SquirrelmailSquirrelmail Version1.4.4
SquirrelmailSquirrelmail Version1.4.4_rc1
SquirrelmailSquirrelmail Version1.4.5
SquirrelmailSquirrelmail Version1.4.6
SquirrelmailSquirrelmail Version1.4.6_cvs
SquirrelmailSquirrelmail Version1.4.6_rc1
SquirrelmailSquirrelmail Version1.4.7
SquirrelmailSquirrelmail Version1.4.8
SquirrelmailSquirrelmail Version1.4.9
SquirrelmailSquirrelmail Version1.4.9a
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.53% 0.829
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/26235
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732
http://secunia.com/advisories/25787
http://www.novell.com/linux/security/advisories/2007_13_sr.html
http://jvn.jp/en/jp/JVN09157962/index.html
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000398.html
http://osvdb.org/35887
http://osvdb.org/35888
http://secunia.com/advisories/25200
Patch
Vendor Advisory
http://secunia.com/advisories/25236
http://secunia.com/advisories/25320
http://secunia.com/advisories/25690
http://www.debian.org/security/2007/dsa-1290
http://www.mandriva.com/security/advisories?name=MDKSA-2007:106
http://www.securityfocus.com/bid/23910
http://www.securitytracker.com/id?1018033
http://www.squirrelmail.org/security/issue/2007-05-09
http://www.vupen.com/english/advisories/2007/1748
https://issues.rpath.com/browse/RPL-1353
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11712
https://rhn.redhat.com/errata/RHSA-2007-0358.html