Vulnerability Details : CVE-2006-3174
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2006-3174
Probability of exploitation activity in the next 30 days: 1.88%
CVSS scores for CVE-2006-3174
|Base Score||Base Severity||CVSS Vector||Exploitability Score||Impact Score||Source|
Vendor statements for CVE-2006-3174
Red Hat 2006-08-30This issue has not been able to be reproduced by upstream or after a Red Hat code review. We therefore do not believe this is a security vulnerability.