Squirrelmail: >> Squirrelmail >> 1.0.5 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.
CVSS Score
5.8
EPSS Score
0.004
Published
2003-04-02
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
CVSS Score
7.5
EPSS Score
0.025
Published
2002-10-04
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
CVSS Score
5.0
EPSS Score
0.006
Published
2002-10-04
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.
CVSS Score
7.5
EPSS Score
0.02
Published
2001-07-02
Page 4