CVE-2004-0519: XSS
First published: Thu Jun 03 2004(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Squirrelmail Squirrelmail | =1.4.2 | |
| Squirrelmail Squirrelmail | =1.0.5 | |
| Squirrelmail Squirrelmail | =1.2.7 | |
| Squirrelmail Squirrelmail | =1.2.0 | |
| SGI ProPack | =3.0 | |
| Squirrelmail Squirrelmail | =1.2.9 | |
| Squirrelmail Squirrelmail | =1.2.2 | |
| Squirrelmail Squirrelmail | =1.2.1 | |
| Squirrelmail Squirrelmail | =1.4.1 | |
| Squirrelmail Squirrelmail | =1.4 | |
| Squirrelmail Squirrelmail | =1.2.4 | |
| Squirrelmail Squirrelmail | =1.2.3 | |
| Squirrelmail Squirrelmail | =1.0.4 | |
| Squirrelmail Squirrelmail | =1.2.6 | |
| Squirrelmail Squirrelmail | =1.2.10 | |
| Squirrelmail Squirrelmail | =1.2.5 | |
| Squirrelmail Squirrelmail | =1.2.8 | |
| Squirrelmail Squirrelmail | =1.2.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://security.gentoo.org/glsa/glsa-200405-16.xml
- http://www.securityfocus.com/archive/1/361857
- http://www.debian.org/security/2004/dsa-535
- https://bugzilla.fedora.us/show_bug.cgi?id=1733
- http://rhn.redhat.com/errata/RHSA-2004-240.html
- http://www.securityfocus.com/advisories/6827
- http://secunia.com/advisories/11531
- http://secunia.com/advisories/11686
- http://secunia.com/advisories/11870
- http://secunia.com/advisories/12289
- http://www.securityfocus.com/bid/10246
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
- http://www.novell.com/linux/security/advisories/2005_19_sr.html
- http://marc.info/?l=bugtraq&m=108334862800260
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16025
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006
- collector/nvd-historical
- vendor/squirrelmail
- product/squirrelmail
- canonical/squirrelmail squirrelmail
- vendor/sgi
- product/propack
- canonical/sgi propack
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- version/squirrelmail squirrelmail/1.4.2
- version/squirrelmail squirrelmail/1.0.5
- version/squirrelmail squirrelmail/1.2.7
- version/squirrelmail squirrelmail/1.2.0
- version/sgi propack/3.0
- version/squirrelmail squirrelmail/1.2.9
- version/squirrelmail squirrelmail/1.2.2
- version/squirrelmail squirrelmail/1.2.1
- version/squirrelmail squirrelmail/1.4.1
- version/squirrelmail squirrelmail/1.4
- version/squirrelmail squirrelmail/1.2.4
- version/squirrelmail squirrelmail/1.2.3
- version/squirrelmail squirrelmail/1.0.4
- version/squirrelmail squirrelmail/1.2.6
- version/squirrelmail squirrelmail/1.2.10
- version/squirrelmail squirrelmail/1.2.5
- version/squirrelmail squirrelmail/1.2.8
- version/squirrelmail squirrelmail/1.2.11