4.3
CVSSv2

CVE-2009-1581

Published: 14/05/2009 Updated: 29/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

functions/mime.php in SquirrelMail prior to 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote malicious users to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.

Vulnerable Product Search on Vulmon Subscribe to Product

squirrelmail squirrelmail 1.4.15_rc1

squirrelmail squirrelmail 1.4.0

squirrelmail squirrelmail 1.2.9

squirrelmail squirrelmail 1.3.2

squirrelmail squirrelmail 1.3.1

squirrelmail squirrelmail 1.2.2

squirrelmail squirrelmail 1.2.1

squirrelmail squirrelmail 1.2.0_rc3

squirrelmail squirrelmail 1.0pre2

squirrelmail squirrelmail 1.0.4

squirrelmail squirrelmail 1.0.2

squirrelmail squirrelmail 1.0.3

squirrelmail squirrelmail 0.2

squirrelmail squirrelmail 0.3.1

squirrelmail squirrelmail 1.4.16

squirrelmail squirrelmail

squirrelmail squirrelmail 1.4.10a

squirrelmail squirrelmail 1.4.10

squirrelmail squirrelmail 1.4.0_rc1

squirrelmail squirrelmail 1.2.8

squirrelmail squirrelmail 1.2.5

squirrelmail squirrelmail 1.2.3

squirrelmail squirrelmail 1.1.2

squirrelmail squirrelmail 1.1.3

squirrelmail squirrelmail 1.1.0

squirrelmail squirrelmail 1.0

squirrelmail squirrelmail 0.5

squirrelmail squirrelmail 0.4pre1

squirrelmail squirrelmail 0.3pre1

squirrelmail squirrelmail 1.4.1

squirrelmail squirrelmail 1.4.0_rc2a

squirrelmail squirrelmail 1.2.6

squirrelmail squirrelmail 1.3.0

squirrelmail squirrelmail 1.2.4

squirrelmail squirrelmail 1.2.11

squirrelmail squirrelmail 1.0pre1

squirrelmail squirrelmail 1.0.5

squirrelmail squirrelmail 0.4

squirrelmail squirrelmail 1.0.1

squirrelmail squirrelmail 0.4pre2

squirrelmail squirrelmail 0.1

squirrelmail squirrelmail 0.2.1

squirrelmail squirrelmail 0.1.2

squirrelmail squirrelmail 0.1.1

squirrelmail squirrelmail 1.4.15

squirrelmail squirrelmail 1.4.12

squirrelmail squirrelmail 1.4.11

squirrelmail squirrelmail 1.4

squirrelmail squirrelmail 1.2.7

squirrelmail squirrelmail 1.2.0

squirrelmail squirrelmail 1.2

squirrelmail squirrelmail 1.2.10

squirrelmail squirrelmail 1.1.1

squirrelmail squirrelmail 1.0pre3

squirrelmail squirrelmail 1.0.6

squirrelmail squirrelmail 0.5pre1

squirrelmail squirrelmail 0.5pre2

squirrelmail squirrelmail 0.3

squirrelmail squirrelmail 0.3pre2

Vendor Advisories

Synopsis Important: squirrelmail security update Type/Severity Security Advisory: Important Topic An updated squirrelmail package that fixes multiple security issues is nowavailable for Red Hat Enterprise Linux 3, 4, and 5This update has been rated as having important security impact by the RedHat Security ...
Debian Bug report logs - #528528 [squirrelmail] Please bring latest security-fix release 1418 Package: squirrelmail; Maintainer for squirrelmail is Jeroen van Wolffelaar <jeroen@wolffelaarnl>; Source for squirrelmail is src:squirrelmail (PTS, buildd, popcon) Reported by: Philippe Teuwen <phil@teuwenorg> Date: Wed ...
Several remote vulnerabilities have been discovered in SquirrelMail, a webmail application The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1578 Cross site scripting was possible through a number of pages which allowed an attacker to steal sensitive session data CVE-2009-1579, CVE-2009-1381 ...

References

CWE-79https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:110http://secunia.com/advisories/35052https://bugzilla.redhat.com/show_bug.cgi?id=500356http://www.squirrelmail.org/security/issue/2009-05-12http://www.securityfocus.com/bid/34916http://www.vupen.com/english/advisories/2009/1296http://secunia.com/advisories/35073https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.htmlhttp://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLoghttp://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667http://secunia.com/advisories/35140http://www.debian.org/security/2009/dsa-1802https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.htmlhttp://www.redhat.com/support/errata/RHSA-2009-1066.htmlhttp://secunia.com/advisories/35259http://secunia.com/advisories/40220http://www.vupen.com/english/advisories/2010/1481http://support.apple.com/kb/HT4188http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/50463https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441https://access.redhat.com/errata/RHSA-2009:1066https://nvd.nist.govhttps://www.debian.org/security/./dsa-1802