CVE-2006-0195

Published: 24/02/2006 Updated: 11/10/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote malicious users to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.

Vulnerable Product

squirrelmail squirrelmail 1.4.3a

squirrelmail squirrelmail 1.4.4

squirrelmail squirrelmail 1.4.3_r3

squirrelmail squirrelmail 1.4.3_rc1

squirrelmail squirrelmail 1.4

squirrelmail squirrelmail 1.4.1

squirrelmail squirrelmail 1.4.4_rc1

squirrelmail squirrelmail 1.4.5

squirrelmail squirrelmail 1.4.2

squirrelmail squirrelmail 1.4.3

squirrelmail squirrelmail 1.4.6_rc1

squirrelmail squirrelmail 1.4_rc1

Vendor Advisories

Debian Bug report logs - #354063: CVE-2006-0377: IMAP injection attempts. Package: squirrelmail; Maintainer for squirrelmail is Jeroen van Wolffelaar <jeroen@wolffelaarnl>; Source for squirrelmail is src:squirrelmail. Reported by: Geoff Crompton <geoffcrompton@strategicdatacomau> Date: Thu, 23 ...

Debian Bug report logs - #354064: CVE-2006-0188: possible XSS through right_main parameter of webmail.php. Package: squirrelmail; Maintainer for squirrelmail is Jeroen van Wolffelaar <jeroen@wolffelaarnl>; Source for squirrelmail is src:squirrelmail. Reported by: Geoff Crompton <geoffcrompton@strategi ...

Debian Bug report logs - #354062: CVE-2006-0195: XSS re comments in styles. Package: squirrelmail; Maintainer for squirrelmail is Jeroen van Wolffelaar <jeroen@wolffelaarnl>; Source for squirrelmail is src:squirrelmail. Reported by: Geoff Crompton <geoffcrompton@strategicdatacomau> Date: Thu, 2 ...