Squirrelmail : Security vulnerabilities, CVEs xss, cross site scripting published in February 2006

Copy

CVE-2006-0195

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.

Max CVSS

4.3

EPSS Score

1.20%

Published

2006-02-24

Updated

2017-10-11

CVE-2006-0188

webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.

Max CVSS

4.3

EPSS Score

1.20%

Published

2006-02-24

Updated

2017-10-11

2 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!