Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squirrelmail squirrelmail - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-1131
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and previous versions allows remote malicious users to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
Squirrelmail Squirrelmail
1 EDB exploit
NA
CVE-2002-1132
SquirrelMail 1.2.7 and previous versions allows remote malicious users to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
Squirrelmail Squirrelmail
6.1
CVSSv3
CVE-2018-14954
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via the formaction attribute.
Squirrelmail Squirrelmail
6.1
CVSSv3
CVE-2018-14955
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via SVG animations (animate to attribute).
Squirrelmail Squirrelmail
6.1
CVSSv3
CVE-2018-14950
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via a "<svg><a xlink:href=" attack.
Squirrelmail Squirrelmail
6.1
CVSSv3
CVE-2018-14951
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via a "<form action='data:text" attack.
Squirrelmail Squirrelmail
6.1
CVSSv3
CVE-2018-14952
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via a "<math><maction xlink:href=" attack.
Squirrelmail Squirrelmail
6.1
CVSSv3
CVE-2018-14953
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via a "<math xlink:href=" attack.
Squirrelmail Squirrelmail
6.1
CVSSv3
CVE-2019-12970
XSS exists in SquirrelMail up to and including 1.4.22 and 1.5.x up to and including 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the appli...
Squirrelmail Squirrelmail
1 Github repository
NA
CVE-2006-3174
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and previous versions, when register_globals is enabled, allows remote malicious users to inject arbitrary HTML via the mailbox parameter.
Squirrelmail Squirrelmail
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »