Vulnerability Details CVE-2004-0519
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.8%
CVSS Severity
CVSS v2 Score 6.8
References
- ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
- http://marc.info/?l=bugtraq&m=108334862800260
- http://rhn.redhat.com/errata/RHSA-2004-240.html
- http://secunia.com/advisories/11531
- http://secunia.com/advisories/11686
- http://secunia.com/advisories/11870
- http://secunia.com/advisories/12289
- http://security.gentoo.org/glsa/glsa-200405-16.xml
- http://www.debian.org/security/2004/dsa-535
- http://www.novell.com/linux/security/advisories/2005_19_sr.html
- http://www.securityfocus.com/advisories/6827
- http://www.securityfocus.com/archive/1/361857
- http://www.securityfocus.com/bid/10246
- https://bugzilla.fedora.us/show_bug.cgi?id=1733
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16025
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274
- ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
- http://marc.info/?l=bugtraq&m=108334862800260
- http://rhn.redhat.com/errata/RHSA-2004-240.html
- http://secunia.com/advisories/11531
- http://secunia.com/advisories/11686
- http://secunia.com/advisories/11870
- http://secunia.com/advisories/12289
- http://security.gentoo.org/glsa/glsa-200405-16.xml
- http://www.debian.org/security/2004/dsa-535
- http://www.novell.com/linux/security/advisories/2005_19_sr.html
- http://www.securityfocus.com/advisories/6827
- http://www.securityfocus.com/archive/1/361857
- http://www.securityfocus.com/bid/10246
- https://bugzilla.fedora.us/show_bug.cgi?id=1733
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16025
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274
Products affected by CVE-2004-0519
-
cpe:2.3:a:sgi:propack:3.0
-
cpe:2.3:a:squirrelmail:squirrelmail:1.0.4
-
cpe:2.3:a:squirrelmail:squirrelmail:1.0.5
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.0
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.1
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.10
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.11
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.2
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.3
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.4
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.5
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.6
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.7
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.8
-
cpe:2.3:a:squirrelmail:squirrelmail:1.2.9
-
cpe:2.3:a:squirrelmail:squirrelmail:1.4
-
cpe:2.3:a:squirrelmail:squirrelmail:1.4.1
-
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2