
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. • http://www.openwall.com/lists/oss-security/2018/07/26/2 https://bugs.debian.org/905023 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC https://sourceforge.net/p/squirrelmail/bugs/2831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). • http://www.openwall.com/lists/oss-security/2018/07/26/2 https://bugs.debian.org/905023 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC https://sourceforge.net/p/squirrelmail/bugs/2831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. • http://www.openwall.com/lists/oss-security/2018/07/26/2 https://bugs.debian.org/905023 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC https://sourceforge.net/p/squirrelmail/bugs/2831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. • http://www.openwall.com/lists/oss-security/2018/07/26/2 https://bugs.debian.org/905023 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC https://sourceforge.net/p/squirrelmail/bugs/2831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php. • http://www.openwall.com/lists/oss-security/2018/03/17/2 http://www.securitytracker.com/id/1040554 https://gist.github.com/hannob/3c4f86863c418930ad08853c1109364e https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18 https://lists.debian.org/debian-lts-announce/2018/04/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')