Rapid7 Vulnerability & Exploit Database

SUSE-SR:2005:019:vuln5: squirrelmail various cross site scripting issues

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SR:2005:019:vuln5: squirrelmail various cross site scripting issues

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

08/19/2005

Created

07/25/2018

Added

12/13/2005

Modified

11/18/2015

Description

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.

Solution(s)

References

https://attackerkb.com/topics/cve-2004-0519
10246
CLA-2004:858
CVE - 2004-0519
DSA-535
OVAL1006
OVAL10274
RHSA-2004:240
20040604-01-U
http://marc.theaimsgroup.com/?l=bugtraq&m=108334862800260
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1006
http://security.gentoo.org/glsa/glsa-200405-16.xml
http://www.novell.com/linux/security/advisories/2005_19_sr.html
http://www.securityfocus.com/advisories/6827
http://www.securityfocus.com/archive/1/361857
http://www.securityfocus.com/bid/10246/
http://xforce.iss.net/xforce/xfdb/16025
https://bugzilla.fedora.us/show_bug.cgi?id=1733
16025

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;