CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14953
https://notcve.org/view.php?id=CVE-2018-14953
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. La página de visualización de mensajes de email en SquirrelMail hasta la versión 1.4.22 tiene Cross-Site Scripting (XSS) mediante un ataque " • http://www.openwall.com/lists/oss-security/2018/07/26/2 https://bugs.debian.org/905023 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC https://sourceforge.net/p/squirrelmail/bugs/2831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14952
https://notcve.org/view.php?id=CVE-2018-14952
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. La página de visualización de mensajes de email en SquirrelMail hasta la versión 1.4.22 tiene Cross-Site Scripting (XSS) mediante un ataque " • http://www.openwall.com/lists/oss-security/2018/07/26/2 https://bugs.debian.org/905023 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC https://sourceforge.net/p/squirrelmail/bugs/2831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 1%CPEs: 91EXPL: 0CVE-2011-2752 – SquirrelMail: CRLF injection vulnerability
https://notcve.org/view.php?id=CVE-2011-2752
CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555. Vulnerabilidad de inyección CRLF (se refiere a CR (retorno de carro) y LF (salto de línea)en SquirrelMail v1.4.21 y anteriores, que permite a atacantes remotos modificar o añadir valores de preferencia a través de un retorno de carro o nueva línea de carácter. Es una vulnerabilidad diferente a CVE-2010-4555. • http://rhn.redhat.com/errata/RHSA-2012-0103.html http://www.debian.org/security/2011/dsa-2291 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 http://www.squirrelmail.org/security/issue/2011-07-11 https://exchange.xforce.ibmcloud.com/vulnerabilities/68587 https://access.redhat.com/security/cve/CVE-2011-2752 https://bugzilla.redhat.com/show_bug.cgi?id=722831 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 91EXPL: 0CVE-2011-2753 – SquirrelMail: CSRF in the empty trash feature and in Index Order page
https://notcve.org/view.php?id=CVE-2011-2753
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en SquirrelMail v1.4.21 y anteriores permite a atacantes remotos secuestrar la autenticación de las víctimas a través de vectores no especificados participación (1) la implementación de la basura y (2) con la página Index Order (también conocido como options_order), una problema diferente a CVE-2010-4555. • http://rhn.redhat.com/errata/RHSA-2012-0103.html http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119 http://www.debian.org/security/2011/dsa-2291 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 https://bugzilla.redhat.com/show_bug.cgi?id=720694 https://exchange.xforce.ibmcloud.com/vulnerabilities/68586 https://access.redhat.com/security/cve/CVE-2011-2753 https://bugzilla.redhat.com/show_bug.cgi?id=722832 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 91EXPL: 0CVE-2011-2023 – SquirrelMail: XSS in <style> tag handling
https://notcve.org/view.php?id=CVE-2011-2023
Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en functions/mime.php en SquirrelMail anterior a v.1.4.22 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un elemento STYLE en un correo electrónico. • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://rhn.redhat.com/errata/RHSA-2012-0103.html http://securitytracker.com/id?1025766 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14121 http://support.apple.com/kb/HT5130 http://www.debian.org/security/2011/dsa-2291 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 http://www.squirrelmail.org/security/issue/2011-07-10 https://bugzilla.redhat.com/show_bug.cgi&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •