Squirrelmail » Squirrelmail » 1.5_dev : Security Vulnerabilities, CVEs,
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
Max CVSS
6.8
EPSS Score
2.70%
Published
2005-03-01
Updated
2017-10-11
Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
Max CVSS
6.8
EPSS Score
3.29%
Published
2004-08-06
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
Max CVSS
6.8
EPSS Score
1.84%
Published
2004-08-18
Updated
2017-10-11
3 vulnerabilities found