Vulnerability Details CVE-2002-2086
Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.5%
CVSS Severity
CVSS v2 Score 4.3
References
- http://sourceforge.net/tracker/index.php?func=detail&aid=544658&group_id=311&atid=100311
- http://sourceforge.net/tracker/index.php?func=detail&aid=545933&group_id=311&atid=100311
- http://www.securityfocus.com/bid/4666
- http://www.securityfocus.com/bid/4667
- http://www.squirrelmail.org/changelog.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9008
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9009
- http://sourceforge.net/tracker/index.php?func=detail&aid=544658&group_id=311&atid=100311
- http://sourceforge.net/tracker/index.php?func=detail&aid=545933&group_id=311&atid=100311
- http://www.securityfocus.com/bid/4666
- http://www.securityfocus.com/bid/4667
- http://www.squirrelmail.org/changelog.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9008
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9009
Products affected by CVE-2002-2086
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.0
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.1
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.2
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.3
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.4
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.5