31 results (0.013 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3

XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element. Se detectó un XSS en SquirrelMail hasta la versión 1.4.22 y versión 1.5.x hasta 1.5.2. Debido al manejo inapropiado de los elementos de tipo RCDATA y RAWTEXT, el mecanismo de saneamiento incorporado puede ser omitido. • http://packetstormsecurity.com/files/153495/SquirrelMail-1.4.22-Cross-Site-Scripting.html https://lists.debian.org/debian-lts-announce/2019/08/msg00000.html https://seclists.org/bugtraq/2019/Jul/0 https://seclists.org/bugtraq/2019/Jul/50 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. La página de visualización de mensajes de email en SquirrelMail hasta la versión 1.4.22 tiene Cross-Site Scripting (XSS) mediante un ataque " • http://www.openwall.com/lists/oss-security/2018/07/26/2 https://bugs.debian.org/905023 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC https://sourceforge.net/p/squirrelmail/bugs/2831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). La página de visualización de mensajes de email en SquirrelMail hasta la versión 1.4.22 tiene Cross-Site Scripting (XSS) mediante animaciones SVG (animate to attribute). • http://www.openwall.com/lists/oss-security/2018/07/26/2 https://bugs.debian.org/905023 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC https://sourceforge.net/p/squirrelmail/bugs/2831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. La página de visualización de mensajes de email en SquirrelMail hasta la versión 1.4.22 tiene Cross-Site Scripting (XSS) mediante un ataque " • http://www.openwall.com/lists/oss-security/2018/07/26/2 https://bugs.debian.org/905023 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC https://sourceforge.net/p/squirrelmail/bugs/2831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. La página de visualización de mensajes de email en SquirrelMail hasta la versión 1.4.22 tiene Cross-Site Scripting (XSS) mediante un ataque " • http://www.openwall.com/lists/oss-security/2018/07/26/2 https://bugs.debian.org/905023 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC https://sourceforge.net/p/squirrelmail/bugs/2831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •