Squirrelmail : Security Vulnerabilities, CVEs, Published In February 2006 (XSS)
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.
Max CVSS
4.3
EPSS Score
1.20%
Published
2006-02-24
Updated
2017-10-11
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
Max CVSS
4.3
EPSS Score
1.20%
Published
2006-02-24
Updated
2017-10-11
2 vulnerabilities found