Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2009-1578

Published: 14/05/2009 Updated: 29/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Squirrelmail

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail prior to 1.4.18 and NaSMail prior to 1.7 allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING).

Vulnerable Product Search on Vulmon Subscribe to Product

squirrelmail squirrelmail 1.4.10a

squirrelmail squirrelmail 1.4.10

squirrelmail squirrelmail 1.2.8

squirrelmail squirrelmail 1.2.6

squirrelmail squirrelmail 1.2.3

squirrelmail squirrelmail 1.2.4

squirrelmail squirrelmail 1.1.2

squirrelmail squirrelmail 1.1.3

squirrelmail squirrelmail 1.0

squirrelmail squirrelmail 0.4

squirrelmail squirrelmail 0.4pre1

squirrelmail squirrelmail 0.4pre2

squirrelmail squirrelmail 0.3pre1

squirrelmail squirrelmail

squirrelmail squirrelmail 1.4.12

squirrelmail squirrelmail 1.4.11

squirrelmail squirrelmail 1.4

squirrelmail squirrelmail 1.2.7

squirrelmail squirrelmail 1.4.0_rc1

squirrelmail squirrelmail 1.2

squirrelmail squirrelmail 1.2.5

squirrelmail squirrelmail 1.2.10

squirrelmail squirrelmail 1.1.1

squirrelmail squirrelmail 1.0pre3

squirrelmail squirrelmail 1.0.6

squirrelmail squirrelmail 1.1.0

squirrelmail squirrelmail 0.5pre2

squirrelmail squirrelmail 0.5

squirrelmail squirrelmail 0.3

squirrelmail squirrelmail 0.3pre2

squirrelmail squirrelmail 1.4.1

squirrelmail squirrelmail 1.4.0_rc2a

squirrelmail squirrelmail 1.3.0

squirrelmail squirrelmail 1.3.2

squirrelmail squirrelmail 1.2.11

squirrelmail squirrelmail 1.2.2

squirrelmail squirrelmail 1.0pre1

squirrelmail squirrelmail 1.0.5

squirrelmail squirrelmail 1.0.1

squirrelmail squirrelmail 1.0.2

squirrelmail squirrelmail 0.1

squirrelmail squirrelmail 0.2.1

squirrelmail squirrelmail 0.1.2

squirrelmail squirrelmail 0.1.1

squirrelmail squirrelmail 1.4.15_rc1

squirrelmail squirrelmail 1.4.15

squirrelmail squirrelmail 1.4.0

squirrelmail squirrelmail 1.2.9

squirrelmail squirrelmail 1.3.1

squirrelmail squirrelmail 1.2.0

squirrelmail squirrelmail 1.2.1

squirrelmail squirrelmail 1.2.0_rc3

squirrelmail squirrelmail 1.0pre2

squirrelmail squirrelmail 1.0.4

squirrelmail squirrelmail 1.0.3

squirrelmail squirrelmail 0.5pre1

squirrelmail squirrelmail 0.2

squirrelmail squirrelmail 0.3.1

squirrelmail squirrelmail 1.4.16

Vendor Advisories

Red Hat: Important: squirrelmail security update
Synopsis Important: squirrelmail security update Type/Severity Security Advisory: Important Topic An updated squirrelmail package that fixes multiple security issues is nowavailable for Red Hat Enterprise Linux 3, 4, and 5This update has been rated as having important security impact by the RedHat Security ...
Debian CVElist Bug Report Logs: [squirrelmail] Please bring latest security-fix release 1.4.18
Debian Bug report logs - #528528 [squirrelmail] Please bring latest security-fix release 1418 Package: squirrelmail; Maintainer for squirrelmail is Jeroen van Wolffelaar <jeroen@wolffelaarnl>; Source for squirrelmail is src:squirrelmail (PTS, buildd, popcon) Reported by: Philippe Teuwen <phil@teuwenorg> Date: Wed ...
Debian Security Advisories: DSA-1802-2 squirrelmail -- several vulnerabilities
Several remote vulnerabilities have been discovered in SquirrelMail, a webmail application The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1578 Cross site scripting was possible through a number of pages which allowed an attacker to steal sensitive session data CVE-2009-1579, CVE-2009-1381 ...

References

CWE-79https://bugzilla.redhat.com/show_bug.cgi?id=500363https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.htmlhttp://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLoghttp://secunia.com/advisories/35073http://www.securityfocus.com/bid/34916https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.htmlhttp://www.squirrelmail.org/security/issue/2009-05-09http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672&r2=13671&pathrev=13672http://www.squirrelmail.org/security/issue/2009-05-08http://www.vupen.com/english/advisories/2009/1296http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13672http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670&r2=13669&pathrev=13670http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670http://secunia.com/advisories/35052http://www.mandriva.com/security/advisories?name=MDVSA-2009:110http://www.debian.org/security/2009/dsa-1802http://secunia.com/advisories/35140https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.htmlhttp://www.redhat.com/support/errata/RHSA-2009-1066.htmlhttps://gna.org/forum/forum.php?forum_id=2146http://www.vupen.com/english/advisories/2009/3315http://secunia.com/advisories/37415http://osvdb.org/60468http://download.gna.org/nasmail/nasmail-1.7.ziphttp://secunia.com/advisories/35259http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.htmlhttp://secunia.com/advisories/40220http://support.apple.com/kb/HT4188http://www.vupen.com/english/advisories/2010/1481https://exchange.xforce.ibmcloud.com/vulnerabilities/50460https://exchange.xforce.ibmcloud.com/vulnerabilities/50459https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11624https://access.redhat.com/errata/RHSA-2009:1066https://nvd.nist.govhttps://www.debian.org/security/./dsa-1802
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook