Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squirrelmail squirrelmail - vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-14952
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via a "<math><maction xlink:href=" attack.
Squirrelmail Squirrelmail
755
VMScore
CVE-2002-1131
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and previous versions allows remote malicious users to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
Squirrelmail Squirrelmail
1 EDB exploit
383
VMScore
CVE-2018-14953
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via a "<math xlink:href=" attack.
Squirrelmail Squirrelmail
383
VMScore
CVE-2018-14954
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via the formaction attribute.
Squirrelmail Squirrelmail
383
VMScore
CVE-2018-14955
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via SVG animations (animate to attribute).
Squirrelmail Squirrelmail
383
VMScore
CVE-2018-14950
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via a "<svg><a xlink:href=" attack.
Squirrelmail Squirrelmail
445
VMScore
CVE-2002-1132
SquirrelMail 1.2.7 and previous versions allows remote malicious users to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
Squirrelmail Squirrelmail
383
VMScore
CVE-2019-12970
XSS exists in SquirrelMail up to and including 1.4.22 and 1.5.x up to and including 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the appli...
Squirrelmail Squirrelmail
1 Github repository
231
VMScore
CVE-2006-3174
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and previous versions, when register_globals is enabled, allows remote malicious users to inject arbitrary HTML via the mailbox parameter.
Squirrelmail Squirrelmail
668
VMScore
CVE-2007-2631
Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and previous versions allows remote malicious users to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648.
Squirrelmail Squirrelmail
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »