4.3
CVE-2011-2023
- EPSS 2.32%
- Veröffentlicht 14.07.2011 23:55:02
- Zuletzt bearbeitet 16.06.2026 23:30:37
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squirrelmail ≫ Squirrelmail Version <= 1.4.21
Squirrelmail ≫ Squirrelmail Version0.1
Squirrelmail ≫ Squirrelmail Version0.1.1
Squirrelmail ≫ Squirrelmail Version0.1.2
Squirrelmail ≫ Squirrelmail Version0.2
Squirrelmail ≫ Squirrelmail Version0.2.1
Squirrelmail ≫ Squirrelmail Version0.3
Squirrelmail ≫ Squirrelmail Version0.3.1
Squirrelmail ≫ Squirrelmail Version0.3pre1
Squirrelmail ≫ Squirrelmail Version0.3pre2
Squirrelmail ≫ Squirrelmail Version0.4
Squirrelmail ≫ Squirrelmail Version0.4pre1
Squirrelmail ≫ Squirrelmail Version0.4pre2
Squirrelmail ≫ Squirrelmail Version0.5
Squirrelmail ≫ Squirrelmail Version0.5pre1
Squirrelmail ≫ Squirrelmail Version0.5pre2
Squirrelmail ≫ Squirrelmail Version1.0
Squirrelmail ≫ Squirrelmail Version1.0.1
Squirrelmail ≫ Squirrelmail Version1.0.2
Squirrelmail ≫ Squirrelmail Version1.0.3
Squirrelmail ≫ Squirrelmail Version1.0.4
Squirrelmail ≫ Squirrelmail Version1.0.5
Squirrelmail ≫ Squirrelmail Version1.0.6
Squirrelmail ≫ Squirrelmail Version1.0pre1
Squirrelmail ≫ Squirrelmail Version1.0pre2
Squirrelmail ≫ Squirrelmail Version1.0pre3
Squirrelmail ≫ Squirrelmail Version1.1.0
Squirrelmail ≫ Squirrelmail Version1.1.1
Squirrelmail ≫ Squirrelmail Version1.1.2
Squirrelmail ≫ Squirrelmail Version1.1.3
Squirrelmail ≫ Squirrelmail Version1.2
Squirrelmail ≫ Squirrelmail Version1.2.0
Squirrelmail ≫ Squirrelmail Version1.2.0 Updaterc3
Squirrelmail ≫ Squirrelmail Version1.2.1
Squirrelmail ≫ Squirrelmail Version1.2.2
Squirrelmail ≫ Squirrelmail Version1.2.3
Squirrelmail ≫ Squirrelmail Version1.2.4
Squirrelmail ≫ Squirrelmail Version1.2.5
Squirrelmail ≫ Squirrelmail Version1.2.6
Squirrelmail ≫ Squirrelmail Version1.2.6 Updaterc1
Squirrelmail ≫ Squirrelmail Version1.2.7
Squirrelmail ≫ Squirrelmail Version1.2.8
Squirrelmail ≫ Squirrelmail Version1.2.9
Squirrelmail ≫ Squirrelmail Version1.2.10
Squirrelmail ≫ Squirrelmail Version1.2.11
Squirrelmail ≫ Squirrelmail Version1.3.0
Squirrelmail ≫ Squirrelmail Version1.3.1
Squirrelmail ≫ Squirrelmail Version1.3.2
Squirrelmail ≫ Squirrelmail Version1.4
Squirrelmail ≫ Squirrelmail Version1.4 Updaterc1
Squirrelmail ≫ Squirrelmail Version1.4.0
Squirrelmail ≫ Squirrelmail Version1.4.0 Updaterc1
Squirrelmail ≫ Squirrelmail Version1.4.0 Updaterc2a
Squirrelmail ≫ Squirrelmail Version1.4.0-r1
Squirrelmail ≫ Squirrelmail Version1.4.1
Squirrelmail ≫ Squirrelmail Version1.4.2
Squirrelmail ≫ Squirrelmail Version1.4.2-r1
Squirrelmail ≫ Squirrelmail Version1.4.2-r2
Squirrelmail ≫ Squirrelmail Version1.4.2-r3
Squirrelmail ≫ Squirrelmail Version1.4.2-r4
Squirrelmail ≫ Squirrelmail Version1.4.2-r5
Squirrelmail ≫ Squirrelmail Version1.4.3
Squirrelmail ≫ Squirrelmail Version1.4.3 Updater3
Squirrelmail ≫ Squirrelmail Version1.4.3 Updaterc1
Squirrelmail ≫ Squirrelmail Version1.4.3a
Squirrelmail ≫ Squirrelmail Version1.4.3aa
Squirrelmail ≫ Squirrelmail Version1.4.4
Squirrelmail ≫ Squirrelmail Version1.4.4 Updaterc1
Squirrelmail ≫ Squirrelmail Version1.4.5
Squirrelmail ≫ Squirrelmail Version1.4.5 Updaterc1
Squirrelmail ≫ Squirrelmail Version1.4.6
Squirrelmail ≫ Squirrelmail Version1.4.6 Updaterc1
Squirrelmail ≫ Squirrelmail Version1.4.6_cvs
Squirrelmail ≫ Squirrelmail Version1.4.7
Squirrelmail ≫ Squirrelmail Version1.4.8
Squirrelmail ≫ Squirrelmail Version1.4.8.4fc6
Squirrelmail ≫ Squirrelmail Version1.4.9
Squirrelmail ≫ Squirrelmail Version1.4.9a
Squirrelmail ≫ Squirrelmail Version1.4.10
Squirrelmail ≫ Squirrelmail Version1.4.10a
Squirrelmail ≫ Squirrelmail Version1.4.11
Squirrelmail ≫ Squirrelmail Version1.4.12
Squirrelmail ≫ Squirrelmail Version1.4.13
Squirrelmail ≫ Squirrelmail Version1.4.15
Squirrelmail ≫ Squirrelmail Version1.4.15 Updaterc1
Squirrelmail ≫ Squirrelmail Version1.4.15rc1
Squirrelmail ≫ Squirrelmail Version1.4.16
Squirrelmail ≫ Squirrelmail Version1.4.17
Squirrelmail ≫ Squirrelmail Version1.4.18
Squirrelmail ≫ Squirrelmail Version1.4.19
Squirrelmail ≫ Squirrelmail Version1.4.20
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.32% | 0.813 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://rhn.redhat.com/errata/RHSA-2012-0103.html
http://support.apple.com/kb/HT5130
http://www.debian.org/security/2011/dsa-2291
http://www.mandriva.com/security/advisories?name=MDVSA-2011:123
http://securitytracker.com/id?1025766
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14121
http://www.squirrelmail.org/security/issue/2011-07-10
https://bugzilla.redhat.com/show_bug.cgi?id=720695