Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2018-14955

Published: 05/08/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Squirrelmail

Vulnerability Summary

The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via SVG animations (animate to attribute).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

squirrelmail squirrelmail

Vendor Advisories

Debian CVElist Bug Report Logs: squirrelmail: CVE-2018-14950 CVE-2018-14951 CVE-2018-14952 CVE-2018-14953 CVE-2018-14954 CVE-2018-14955
Debian Bug report logs - #905023 squirrelmail: CVE-2018-14950 CVE-2018-14951 CVE-2018-14952 CVE-2018-14953 CVE-2018-14954 CVE-2018-14955 Package: src:squirrelmail; Maintainer for src:squirrelmail is Jeroen van Wolffelaar <jeroen@wolffelaarnl>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 30 Jul 20 ...
Red Hat: CVE-2018-14955
The mail message display page in SquirrelMail through 1422 has XSS via SVG animations (animate to attribute) ...

References

CWE-79https://sourceforge.net/p/squirrelmail/bugs/2831/https://bugs.debian.org/905023http://www.openwall.com/lists/oss-security/2018/07/26/2https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905023https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook