Published: 23/06/2006 Updated: 20/07/2017

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 231

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and previous versions, when register_globals is enabled, allows remote malicious users to inject arbitrary HTML via the mailbox parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
squirrelmail squirrelmail

Debian Bug report logs - #373731 squirrelmail redirectphp local file include vulnerability Package: squirrelmail; Maintainer for squirrelmail is Jeroen van Wolffelaar <jeroen@wolffelaarnl>; Source for squirrelmail is src:squirrelmail (PTS, buildd, popcon) Reported by: Oliver Paulus <oliver@code-projectorg> Date: T ...

Debian Bug report logs - #375782 squirrelmail: CVE-2006-3174: cross-site scripting in searchphp when register_globals is on Package: squirrelmail; Maintainer for squirrelmail is Jeroen van Wolffelaar <jeroen@wolffelaarnl>; Source for squirrelmail is src:squirrelmail (PTS, buildd, popcon) Reported by: Alec Berryman <alec ...

NVD-CWE-Other http://www.osvdb.org/26610 http://www.securityfocus.com/bid/18700 http://pridels0.blogspot.com/2006/06/squirrelmail-151-xss-vuln.html http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:147 http://www.securityfocus.com/bid/25159 http://secunia.com/advisories/26235 http://www.vupen.com/english/advisories/2007/2732 https://exchange.xforce.ibmcloud.com/vulnerabilities/26941 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373731

CVE-2006-3174

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect