CVE-2019-12970

Published: 01/07/2019 Updated: 30/07/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

XSS exists in SquirrelMail up to and including 1.4.22 and 1.5.x up to and including 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element.

Vendor Advisories

Impact: Moderate
Public Date: 2019-07-01
CWE: CWE-79
Bugzilla: 1726498: CVE-2019-12970 squirrelmail: im ...

Mailing Lists

SquirrelMail version 1.4.22 suffers from a cross-site scripting vulnerability ...
Advisory ID: SYSS-2019-016
Product: SquirrelMail
Manufacturer: The SquirrelMail Project
Affected Version(s): 1.4.22, SVN
Tested Version(s): SVN
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-04-17
Solution Date: N/A
Public Disclosure: 2019-07-01
CVE Reference: CVE-2019-1297 ...

Advisory ID: SYSS-2019-016 (update 1)
Product: SquirrelMail
Manufacturer: The SquirrelMail Project
Affected Version(s): 1.4.22, SVN
Tested Version(s): SVN
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-04-17
Solution Date: 2019-07-24
Public Disclosure: 2019-07-01
CVE Refere ...