CVE-2004-0519: XSS
First published: Thu Jun 03 2004(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SGI ProPack | =3.0 | |
| SquirrelMail | =1.0.4 | |
| SquirrelMail | =1.0.5 | |
| SquirrelMail | =1.2.0 | |
| SquirrelMail | =1.2.1 | |
| SquirrelMail | =1.2.2 | |
| SquirrelMail | =1.2.3 | |
| SquirrelMail | =1.2.4 | |
| SquirrelMail | =1.2.5 | |
| SquirrelMail | =1.2.6 | |
| SquirrelMail | =1.2.7 | |
| SquirrelMail | =1.2.8 | |
| SquirrelMail | =1.2.9 | |
| SquirrelMail | =1.2.10 | |
| SquirrelMail | =1.2.11 | |
| SquirrelMail | =1.4 | |
| SquirrelMail | =1.4.1 | |
| SquirrelMail | =1.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://security.gentoo.org/glsa/glsa-200405-16.xml
- http://www.securityfocus.com/archive/1/361857
- http://www.debian.org/security/2004/dsa-535
- https://bugzilla.fedora.us/show_bug.cgi?id=1733
- http://rhn.redhat.com/errata/RHSA-2004-240.html
- http://www.securityfocus.com/advisories/6827
- http://secunia.com/advisories/11531
- http://secunia.com/advisories/11686
- http://secunia.com/advisories/11870
- http://secunia.com/advisories/12289
- http://www.securityfocus.com/bid/10246
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
- http://www.novell.com/linux/security/advisories/2005_19_sr.html
- http://marc.info/?l=bugtraq&m=108334862800260
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16025
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006
Frequently Asked Questions
What is the severity of CVE-2004-0519?
CVE-2004-0519 is classified as a medium severity vulnerability due to its potential to exploit multiple cross-site scripting flaws.
How do I fix CVE-2004-0519?
To fix CVE-2004-0519, upgrade SquirrelMail to version 1.4.3 or later, which addresses these vulnerabilities.
What software is affected by CVE-2004-0519?
CVE-2004-0519 affects SquirrelMail versions 1.0.4 through 1.4.2.
What types of attacks are possible with CVE-2004-0519?
Attackers can use CVE-2004-0519 to execute arbitrary scripts in the context of other users, potentially stealing authentication information.
Is CVE-2004-0519 relevant for my organization?
If your organization uses SquirrelMail version 1.0.4 to 1.4.2, CVE-2004-0519 poses a relevant risk that requires prompt attention.
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/squirrelmail
- product/squirrelmail
- canonical/squirrelmail squirrelmail
- vendor/sgi
- product/propack
- canonical/sgi propack
- version/sgi propack/3.0
- canonical/squirrelmail
- version/squirrelmail/1.0.4
- version/squirrelmail/1.0.5
- version/squirrelmail/1.2.0
- version/squirrelmail/1.2.1
- version/squirrelmail/1.2.2
- version/squirrelmail/1.2.3
- version/squirrelmail/1.2.4
- version/squirrelmail/1.2.5
- version/squirrelmail/1.2.6
- version/squirrelmail/1.2.7
- version/squirrelmail/1.2.8
- version/squirrelmail/1.2.9
- version/squirrelmail/1.2.10
- version/squirrelmail/1.2.11
- version/squirrelmail/1.4
- version/squirrelmail/1.4.1
- version/squirrelmail/1.4.2