Squirrelmail

Squirrelmail

65 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2004-0521

  • EPSS 4.65%
  • Published 18.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.

6.8

CVE-2004-0520

Exploit
  • EPSS 14.93%
  • Published 18.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.

6.8

CVE-2004-0519

Exploit
  • EPSS 0.12%
  • Published 18.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in ...

6.8

CVE-2004-0639

Exploit
  • EPSS 3.63%
  • Published 06.08.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php,...

5.8

CVE-2003-0160

  • EPSS 0.54%
  • Published 02.04.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.

4.3

CVE-2002-2086

Exploit
  • EPSS 0.68%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute o...

7.5

CVE-2002-1650

Exploit
  • EPSS 3.17%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.

4.3

CVE-2002-1649

Exploit
  • EPSS 0.76%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag.

7.5

CVE-2002-1648

Exploit
  • EPSS 1.27%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.

6.8

CVE-2002-1341

  • EPSS 2.7%
  • Published 18.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.