Published: 05/12/2008 Updated: 29/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in SquirrelMail prior to 1.4.17 allows remote malicious users to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
squirrelmail squirrelmail 1.4.2
squirrelmail squirrelmail 1.4.3
squirrelmail squirrelmail 1.4.5
squirrelmail squirrelmail 1.4.6
squirrelmail squirrelmail 1.4.10
squirrelmail squirrelmail 1.4.10a
squirrelmail squirrelmail 1.2.1
squirrelmail squirrelmail 1.2.2
squirrelmail squirrelmail 1.1.1
squirrelmail squirrelmail 1.1.2
squirrelmail squirrelmail 1.0.2
squirrelmail squirrelmail 1.0.3
squirrelmail squirrelmail 0.4pre2
squirrelmail squirrelmail 0.4
squirrelmail squirrelmail 0.1
squirrelmail squirrelmail 0.1.1
squirrelmail squirrelmail
squirrelmail squirrelmail 1.4.0
squirrelmail squirrelmail 1.4.1
squirrelmail squirrelmail 1.4.3_rc1
squirrelmail squirrelmail 1.4.3a
squirrelmail squirrelmail 1.4.5_rc1
squirrelmail squirrelmail 1.4.8
squirrelmail squirrelmail 1.3.1
squirrelmail squirrelmail 1.3.2
squirrelmail squirrelmail 1.2.5
squirrelmail squirrelmail 1.2.6
squirrelmail squirrelmail 1.0pre2
squirrelmail squirrelmail 1.0pre3
squirrelmail squirrelmail 0.5pre1
squirrelmail squirrelmail 0.5pre2
squirrelmail squirrelmail 0.3
squirrelmail squirrelmail 0.3.1
squirrelmail squirrelmail 1.4.0_rc2a
squirrelmail squirrelmail 1.4.0_rc1
squirrelmail squirrelmail 1.4.6_rc1
squirrelmail squirrelmail 1.4.7
squirrelmail squirrelmail 1.4.15_rc1
squirrelmail squirrelmail 1.4.15
squirrelmail squirrelmail 1.3.0
squirrelmail squirrelmail 1.2.3
squirrelmail squirrelmail 1.2.4
squirrelmail squirrelmail 1.1.3
squirrelmail squirrelmail 1.0pre1
squirrelmail squirrelmail 1.0.4
squirrelmail squirrelmail 1.0.5
squirrelmail squirrelmail 1.0.6
squirrelmail squirrelmail 0.3pre1
squirrelmail squirrelmail 0.3pre2
squirrelmail squirrelmail 0.1.2
squirrelmail squirrelmail 1.4.11
squirrelmail squirrelmail 1.4.12
squirrelmail squirrelmail 1.4.4
squirrelmail squirrelmail 1.4.4_rc1
squirrelmail squirrelmail 1.4.9
squirrelmail squirrelmail 1.4.9a
squirrelmail squirrelmail 1.2.0_rc3
squirrelmail squirrelmail 1.2.0
squirrelmail squirrelmail 1.2.7
squirrelmail squirrelmail 1.1.0
squirrelmail squirrelmail 1.0
squirrelmail squirrelmail 1.0.1
squirrelmail squirrelmail 0.5
squirrelmail squirrelmail 0.4pre1
squirrelmail squirrelmail 0.2
squirrelmail squirrelmail 0.2.1

Synopsis Moderate: squirrelmail security update Type/Severity Security Advisory: Moderate Topic An updated squirrelmail package that resolves various security issues isnow available for Red Hat Enterprise Linux 3, 4 and 5This update has been rated as having moderate security impact by the RedHat Security R ...

CWE-79 http://security-net.biz/wsw/index.php?p=254&n=190 http://secunia.com/advisories/32143 http://www.squirrelmail.org/index.php http://www.securityfocus.com/bid/32603 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://secunia.com/advisories/33054 http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html http://www.debian.org/security/2008/dsa-1682 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html http://secunia.com/advisories/33071 http://support.apple.com/kb/HT3438 http://www.vupen.com/english/advisories/2008/3332 https://exchange.xforce.ibmcloud.com/vulnerabilities/47024 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764 https://access.redhat.com/errata/RHSA-2009:0010 https://nvd.nist.gov

CVE-2008-2379

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect