Shodan
Vulnerabilities
Vulnerable Software
Squirrelmail:  >> Squirrelmail  >> 1.2.6  Security Vulnerabilities
CVE-2004-0519
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
CVSS Score
6.8
EPSS Score
0.001
Published
2004-08-18
CVE-2004-0520
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
CVSS Score
6.8
EPSS Score
0.149
Published
2004-08-18
CVE-2004-0521
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
CVSS Score
10.0
EPSS Score
0.047
Published
2004-08-18
CVE-2004-0639
Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
CVSS Score
6.8
EPSS Score
0.036
Published
2004-08-06
CVE-2003-0160
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.
CVSS Score
5.8
EPSS Score
0.004
Published
2003-04-02
CVE-2002-1341
Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.
CVSS Score
6.8
EPSS Score
0.021
Published
2002-12-18
CVE-2002-1131
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
CVSS Score
7.5
EPSS Score
0.025
Published
2002-10-04
CVE-2002-1132
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
CVSS Score
5.0
EPSS Score
0.006
Published
2002-10-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved