Published: 04/10/2002 Updated: 05/09/2008

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and previous versions allows remote malicious users to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
squirrelmail squirrelmail

Several cross site scripting vulnerabilities have been found in squirrelmail, a feature-rich webmail package written in PHP4 The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities: CAN-2002-1131: User input is not always sanitized so execution of arbitrary code on a client computer is possible This ca ...

source: wwwsecurityfocuscom/bid/5763/info SquirrelMail is a feature rich webmail program implemented in the PHP4 language It is available for Linux and Unix based operating systems Multiple cross site scripting vulnerabilities have been discovered in various PHP scripts included with SquirrelMail By including embedded commands into a ...

NVD-CWE-Other http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html http://www.securityfocus.com/bid/5763 http://www.iss.net/security_center/static/10145.php http://www.redhat.com/support/errata/RHSA-2002-204.html http://www.debian.org/security/2002/dsa-191 http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774 https://nvd.nist.gov https://www.debian.org/security/./dsa-191 https://www.exploit-db.com/exploits/21811/

CVE-2002-1131

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect