Page 2 of 26 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. La página de visualización de mensajes de email en SquirrelMail hasta la versión 1.4.22 tiene Cross-Site Scripting (XSS) mediante un ataque " • http://www.openwall.com/lists/oss-security/2018/07/26/2 https://bugs.debian.org/905023 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC https://sourceforge.net/p/squirrelmail/bugs/2831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. La página de visualización de mensajes de email en SquirrelMail hasta la versión 1.4.22 tiene Cross-Site Scripting (XSS) mediante un ataque " • http://www.openwall.com/lists/oss-security/2018/07/26/2 https://bugs.debian.org/905023 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC https://sourceforge.net/p/squirrelmail/bugs/2831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. La página de visualización de mensajes de email en SquirrelMail hasta la versión 1.4.22 tiene Cross-Site Scripting (XSS) mediante un ataque " • http://www.openwall.com/lists/oss-security/2018/07/26/2 https://bugs.debian.org/905023 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC https://sourceforge.net/p/squirrelmail/bugs/2831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. La página de visualización de mensajes de email en SquirrelMail hasta la versión 1.4.22 tiene Cross-Site Scripting (XSS) mediante el atributo formaction. • http://www.openwall.com/lists/oss-security/2018/07/26/2 https://bugs.debian.org/905023 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP5O562A4FM5TCFNEW73SS6PZONSAC https://sourceforge.net/p/squirrelmail/bugs/2831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php. Un error de salto de directorio en SquirrelMail 1.4.22 permite que un atacante autenticado exfiltre (o elimine) archivos del servidor que los aloja. Esto está relacionado con ../ en el campo att_local_name en Deliver.class.php. • http://www.openwall.com/lists/oss-security/2018/03/17/2 http://www.securitytracker.com/id/1040554 https://gist.github.com/hannob/3c4f86863c418930ad08853c1109364e https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18 https://lists.debian.org/debian-lts-announce/2018/04/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVXTYMZ35IC5KPNMAE6BWAQWURMX7KZO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5FP • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •