Published: 14/07/2011 Updated: 14/02/2012

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail prior to 1.4.22 allows remote malicious users to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
squirrelmail squirrelmail 0.2
squirrelmail squirrelmail 0.3.1
squirrelmail squirrelmail 1.4.13
squirrelmail squirrelmail 1.4.15
squirrelmail squirrelmail 1.4.6
squirrelmail squirrelmail 1.4.18
squirrelmail squirrelmail 1.3.1
squirrelmail squirrelmail 1.1.0
squirrelmail squirrelmail 1.0.1
squirrelmail squirrelmail 1.0.2
squirrelmail squirrelmail 0.4pre2
squirrelmail squirrelmail 1.2.6
squirrelmail squirrelmail 1.2.0
squirrelmail squirrelmail 1.2
squirrelmail squirrelmail 1.4.0-r1
squirrelmail squirrelmail 0.1
squirrelmail squirrelmail 0.2.1
squirrelmail squirrelmail 0.1.2
squirrelmail squirrelmail 0.1.1
squirrelmail squirrelmail 1.4.19
squirrelmail squirrelmail 0.3
squirrelmail squirrelmail 0.3pre2
squirrelmail squirrelmail 1.4.15rc1
squirrelmail squirrelmail 1.4.3
squirrelmail squirrelmail 1.4.4
squirrelmail squirrelmail 1.1.1
squirrelmail squirrelmail 1.1.2
squirrelmail squirrelmail 1.1.3
squirrelmail squirrelmail 1.0.3
squirrelmail squirrelmail 1.0.6
squirrelmail squirrelmail 1.4.5
squirrelmail squirrelmail 1.4.20
squirrelmail squirrelmail 1.4.2-r1
squirrelmail squirrelmail 1.4.2-r3
squirrelmail squirrelmail 1.4.8
squirrelmail squirrelmail 1.4.7
squirrelmail squirrelmail 1.4.2
squirrelmail squirrelmail 1.2.5
squirrelmail squirrelmail 1.4
squirrelmail squirrelmail 1.4.9a
squirrelmail squirrelmail 0.3pre1
squirrelmail squirrelmail 0.4
squirrelmail squirrelmail 1.4.17
squirrelmail squirrelmail 1.4.0
squirrelmail squirrelmail 1.4.16
squirrelmail squirrelmail 1.4.10
squirrelmail squirrelmail 1.0pre1
squirrelmail squirrelmail 1.0pre2
squirrelmail squirrelmail 0.5pre1
squirrelmail squirrelmail 0.5pre2
squirrelmail squirrelmail 1.4.12
squirrelmail squirrelmail 1.4.11
squirrelmail squirrelmail 1.4.2-r2
squirrelmail squirrelmail 1.4.2-r5
squirrelmail squirrelmail 1.4.6_cvs
squirrelmail squirrelmail 1.4.1
squirrelmail squirrelmail 1.4.10a
squirrelmail squirrelmail 1.2.3
squirrelmail squirrelmail 1.2.4
squirrelmail squirrelmail
squirrelmail squirrelmail 1.3.0
squirrelmail squirrelmail 1.3.2
squirrelmail squirrelmail 1.0pre3
squirrelmail squirrelmail 1.0
squirrelmail squirrelmail 0.5
squirrelmail squirrelmail 0.4pre1
squirrelmail squirrelmail 1.0.5
squirrelmail squirrelmail 1.0.4
squirrelmail squirrelmail 1.4.2-r4
squirrelmail squirrelmail 1.2.9
squirrelmail squirrelmail 1.2.11
squirrelmail squirrelmail 1.2.2
squirrelmail squirrelmail 1.4.9
squirrelmail squirrelmail 1.4.8.4fc6
squirrelmail squirrelmail 1.4.3aa
squirrelmail squirrelmail 1.4.3a
squirrelmail squirrelmail 1.2.7
squirrelmail squirrelmail 1.2.8
squirrelmail squirrelmail 1.2.1
squirrelmail squirrelmail 1.2.10

Synopsis Moderate: squirrelmail security update Type/Severity Security Advisory: Moderate Topic An updated squirrelmail package that fixes several security issues is nowavailable for Red Hat Enterprise Linux 4 and 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact ...

CWE-79 http://www.squirrelmail.org/security/issue/2011-07-10 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14121 http://securitytracker.com/id?1025766 https://bugzilla.redhat.com/show_bug.cgi?id=720695 http://www.debian.org/security/2011/dsa-2291 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 http://support.apple.com/kb/HT5130 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://rhn.redhat.com/errata/RHSA-2012-0103.html https://access.redhat.com/errata/RHSA-2012:0103 https://nvd.nist.gov

CVE-2011-2023

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect