Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
squirrelmail vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-14950
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via a "<svg><a xlink:href=" attack.
Squirrelmail Squirrelmail
4.3
CVSSv2
CVE-2018-14951
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via a "<form action='data:text" attack.
Squirrelmail Squirrelmail
4.3
CVSSv2
CVE-2018-14952
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via a "<math><maction xlink:href=" attack.
Squirrelmail Squirrelmail
4.3
CVSSv2
CVE-2018-14953
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via a "<math xlink:href=" attack.
Squirrelmail Squirrelmail
7.5
CVSSv2
CVE-2002-1131
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and previous versions allows remote malicious users to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
Squirrelmail Squirrelmail
1 EDB exploit
4.3
CVSSv2
CVE-2018-14954
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via the formaction attribute.
Squirrelmail Squirrelmail
2.6
CVSSv2
CVE-2006-3174
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and previous versions, when register_globals is enabled, allows remote malicious users to inject arbitrary HTML via the mailbox parameter.
Squirrelmail Squirrelmail
4.3
CVSSv2
CVE-2019-12970
XSS exists in SquirrelMail up to and including 1.4.22 and 1.5.x up to and including 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the appli...
Squirrelmail Squirrelmail
1 Github repository
5
CVSSv2
CVE-2002-1132
SquirrelMail 1.2.7 and previous versions allows remote malicious users to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
Squirrelmail Squirrelmail
5.8
CVSSv2
CVE-2003-0160
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail prior to 1.2.11 allow remote malicious users to inject arbitrary HTML code and steal information from a client's web browser.
Squirrelmail Squirrelmail
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
CVE-2024-20360
CVE-2021-47559
XXE
CVE-2024-5229
CVE-2021-47543
CVE-2021-47571
SSTI
CVE-2024-4978
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »