Page 8 of 44 results (0.012 seconds)

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html http://www.kb.cert.org/vuls/id/153043 http://www.securityfocus.com/bid/3956 https://exchange.xforce.ibmcloud.com/vulnerabilities/7989 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html http://www.kb.cert.org/vuls/id/153043 http://www.securityfocus.com/bid/3956 https://exchange.xforce.ibmcloud.com/vulnerabilities/7989 •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1

The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0296.html http://archives.neohapsis.com/archives/bugtraq/2002-01/0306.html https://exchange.xforce.ibmcloud.com/vulnerabilities/7990 •

CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag. • http://sourceforge.net/tracker/index.php?func=detail&aid=544658&group_id=311&atid=100311 http://sourceforge.net/tracker/index.php?func=detail&aid=545933&group_id=311&atid=100311 http://www.securityfocus.com/bid/4666 http://www.securityfocus.com/bid/4667 http://www.squirrelmail.org/changelog.php https://exchange.xforce.ibmcloud.com/vulnerabilities/9008 https://exchange.xforce.ibmcloud.com/vulnerabilities/9009 •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados en read_body.php de SquirrelMail 1.2.10, 1.2.9, y anteriores, permite a atacantes remotos la inserción de rutinas y código HTML mediante: mailbox parámetros passed_id • http://f0kp.iplus.ru/bz/008.txt http://marc.info/?l=bugtraq&m=103893844126484&w=2 http://marc.info/?l=bugtraq&m=103911130503272&w=2 http://marc.info/?l=bugtraq&m=104004924002662&w=2 http://secunia.com/advisories/8220 http://www.debian.org/security/2002/dsa-220 http://www.redhat.com/support/errata/RHSA-2003-042.html http://www.securityfocus.com/bid/6302 https://exchange.xforce.ibmcloud.com/vulnerabilities/10754 •