CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 2CVE-2004-0519 – SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0519
03 Jun 2004 — Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SquirrelMail 1.4.2 permiten a atacantes remotos ejecutar script de su elección como otro usuario y posiblemente robar información de autenticación mediante múltiples ve... • https://www.exploit-db.com/exploits/24068 •
CVSS: 6.8EPSS: 14%CPEs: 21EXPL: 2CVE-2004-0520 – SquirrelMail 1.x - Email Header HTML Injection
https://notcve.org/view.php?id=CVE-2004-0520
03 Jun 2004 — Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mime.php de SquirrelMail anteriores a 1.4.3 permite a atacantes remotos insertar HTML y script de su elección mediante la cabecera de correo Content-Type, como se ha demostrado usando read_body.php. • https://www.exploit-db.com/exploits/24160 •
CVSS: 10.0EPSS: 4%CPEs: 18EXPL: 0CVE-2004-0521
https://notcve.org/view.php?id=CVE-2004-0521
03 Jun 2004 — SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. Vulnerabilidad de inyección de SQL en SquirrelMail anteriores a 1.4.3 RC1 permite a atacantes remotos ejecutar sentencias SQL no autorizadas, con impacto desconocido, probablemente mediante abook_database.php. • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0160
https://notcve.org/view.php?id=CVE-2003-0160
26 Mar 2003 — Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser. • http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988 •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2002-1648
https://notcve.org/view.php?id=CVE-2002-1648
31 Dec 2002 — Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2002-1649
https://notcve.org/view.php?id=CVE-2002-1649
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2002-1650
https://notcve.org/view.php?id=CVE-2002-1650
31 Dec 2002 — The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0296.html •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2002-2086
https://notcve.org/view.php?id=CVE-2002-2086
31 Dec 2002 — Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag. • http://sourceforge.net/tracker/index.php?func=detail&aid=544658&group_id=311&atid=100311 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2002-1132
https://notcve.org/view.php?id=CVE-2002-1132
04 Oct 2002 — SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script. • http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 3CVE-2002-1131 – SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2002-1131
24 Sep 2002 — Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php. • https://www.exploit-db.com/exploits/21811 •