4.3

CVE-2009-1581

functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SquirrelmailSquirrelmail Version <= 1.4.17
SquirrelmailSquirrelmail Version0.1
SquirrelmailSquirrelmail Version0.1.1
SquirrelmailSquirrelmail Version0.1.2
SquirrelmailSquirrelmail Version0.2
SquirrelmailSquirrelmail Version0.2.1
SquirrelmailSquirrelmail Version0.3
SquirrelmailSquirrelmail Version0.3.1
SquirrelmailSquirrelmail Version0.3pre1
SquirrelmailSquirrelmail Version0.3pre2
SquirrelmailSquirrelmail Version0.4
SquirrelmailSquirrelmail Version0.4pre1
SquirrelmailSquirrelmail Version0.4pre2
SquirrelmailSquirrelmail Version0.5
SquirrelmailSquirrelmail Version0.5pre1
SquirrelmailSquirrelmail Version0.5pre2
SquirrelmailSquirrelmail Version1.0
SquirrelmailSquirrelmail Version1.0.1
SquirrelmailSquirrelmail Version1.0.2
SquirrelmailSquirrelmail Version1.0.3
SquirrelmailSquirrelmail Version1.0.4
SquirrelmailSquirrelmail Version1.0.5
SquirrelmailSquirrelmail Version1.0.6
SquirrelmailSquirrelmail Version1.0pre1
SquirrelmailSquirrelmail Version1.0pre2
SquirrelmailSquirrelmail Version1.0pre3
SquirrelmailSquirrelmail Version1.1.0
SquirrelmailSquirrelmail Version1.1.1
SquirrelmailSquirrelmail Version1.1.2
SquirrelmailSquirrelmail Version1.1.3
SquirrelmailSquirrelmail Version1.2
SquirrelmailSquirrelmail Version1.2.0
SquirrelmailSquirrelmail Version1.2.0_rc3
SquirrelmailSquirrelmail Version1.2.1
SquirrelmailSquirrelmail Version1.2.2
SquirrelmailSquirrelmail Version1.2.3
SquirrelmailSquirrelmail Version1.2.4
SquirrelmailSquirrelmail Version1.2.5
SquirrelmailSquirrelmail Version1.2.6
SquirrelmailSquirrelmail Version1.2.7
SquirrelmailSquirrelmail Version1.2.8
SquirrelmailSquirrelmail Version1.2.9
SquirrelmailSquirrelmail Version1.2.10
SquirrelmailSquirrelmail Version1.2.11
SquirrelmailSquirrelmail Version1.3.0
SquirrelmailSquirrelmail Version1.3.1
SquirrelmailSquirrelmail Version1.3.2
SquirrelmailSquirrelmail Version1.4
SquirrelmailSquirrelmail Version1.4.0
SquirrelmailSquirrelmail Version1.4.0_rc1
SquirrelmailSquirrelmail Version1.4.0_rc2a
SquirrelmailSquirrelmail Version1.4.1
SquirrelmailSquirrelmail Version1.4.10
SquirrelmailSquirrelmail Version1.4.10a
SquirrelmailSquirrelmail Version1.4.11
SquirrelmailSquirrelmail Version1.4.12
SquirrelmailSquirrelmail Version1.4.15
SquirrelmailSquirrelmail Version1.4.15_rc1
SquirrelmailSquirrelmail Version1.4.16
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.75% 0.749
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
http://secunia.com/advisories/35052
Vendor Advisory
http://secunia.com/advisories/35073
Vendor Advisory
http://secunia.com/advisories/35140
http://secunia.com/advisories/35259
http://secunia.com/advisories/40220
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog
http://support.apple.com/kb/HT4188
http://www.debian.org/security/2009/dsa-1802
http://www.mandriva.com/security/advisories?name=MDVSA-2009:110
http://www.redhat.com/support/errata/RHSA-2009-1066.html
http://www.securityfocus.com/bid/34916
http://www.vupen.com/english/advisories/2009/1296
Vendor Advisory
http://www.vupen.com/english/advisories/2010/1481
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667
http://www.squirrelmail.org/security/issue/2009-05-12
https://bugzilla.redhat.com/show_bug.cgi?id=500356
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/50463
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441