CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0160
https://notcve.org/view.php?id=CVE-2003-0160
26 Mar 2003 — Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser. • http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988 •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2002-1648
https://notcve.org/view.php?id=CVE-2002-1648
31 Dec 2002 — Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2002-1649
https://notcve.org/view.php?id=CVE-2002-1649
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2002-1650
https://notcve.org/view.php?id=CVE-2002-1650
31 Dec 2002 — The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0296.html •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2002-2086
https://notcve.org/view.php?id=CVE-2002-2086
31 Dec 2002 — Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag. • http://sourceforge.net/tracker/index.php?func=detail&aid=544658&group_id=311&atid=100311 •
CVSS: 6.8EPSS: 2%CPEs: 5EXPL: 0CVE-2002-1341
https://notcve.org/view.php?id=CVE-2002-1341
11 Dec 2002 — Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados en read_body.php de SquirrelMail 1.2.10, 1.2.9, y anteriores, permite a atacantes remotos la inserción de rutinas y código HTML mediante: mailbox parámetros passed_id • http://f0kp.iplus.ru/bz/008.txt •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2002-1276
https://notcve.org/view.php?id=CVE-2002-1276
14 Nov 2002 — An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks. Un arreglo incompleto de una vulnerabilidad de scripting en sitios cruzados (XSS) en SquirreMail 1.2.8 llama a la función strip_tags en el valor PHP_SELF pero no vuelve a guardar el resultado en esa variable, dejandolo abierto a ataques XSS. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2002-1132
https://notcve.org/view.php?id=CVE-2002-1132
04 Oct 2002 — SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script. • http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 3CVE-2002-1131 – SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2002-1131
24 Sep 2002 — Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php. • https://www.exploit-db.com/exploits/21811 •
CVSS: 10.0EPSS: 6%CPEs: 6EXPL: 2CVE-2002-0516 – SquirrelMail 1.2.x - Theme Remote Command Execution
https://notcve.org/view.php?id=CVE-2002-0516
12 Aug 2002 — SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie. SquirreMail 1.2.5 y anteriores permite a usuarios autenticados ejecutar código arbitrario modificando la variable THEME en una cookie • https://www.exploit-db.com/exploits/21358 •