Vulnerability Details : CVE-2004-0519
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2004-0519
- cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0519
2.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0519
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2004-0519
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006
-
http://www.securityfocus.com/archive/1/361857
-
http://security.gentoo.org/glsa/glsa-200405-16.xml
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/16025
-
http://www.securityfocus.com/bid/10246
Exploit;Patch
-
http://rhn.redhat.com/errata/RHSA-2004-240.html
Patch;Vendor Advisory
-
http://www.securityfocus.com/advisories/6827
Patch;Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274
-
http://www.novell.com/linux/security/advisories/2005_19_sr.html
Security - Support | SUSEVendor Advisory
-
https://bugzilla.fedora.us/show_bug.cgi?id=1733
Patch
-
ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
Patch
-
http://www.debian.org/security/2004/dsa-535
Patch;Vendor Advisory
-
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
-
http://marc.info/?l=bugtraq&m=108334862800260
Jump to