// For flags

CVE-2004-0520

SquirrelMail 1.x - Email Header HTML Injection

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.

Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mime.php de SquirrelMail anteriores a 1.4.3 permite a atacantes remotos insertar HTML y script de su elección mediante la cabecera de correo Content-Type, como se ha demostrado usando read_body.php.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2004-05-31 First Exploit
  • 2004-06-02 CVE Reserved
  • 2004-06-03 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-08 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Open Webmail
Search vendor "Open Webmail"
 Open Webmail
Search vendor "Open Webmail" for product "Open Webmail"
 2.30
Search vendor "Open Webmail" for product "Open Webmail" and version "2.30"
-
Affected
Open Webmail
Search vendor "Open Webmail"
 Open Webmail
Search vendor "Open Webmail" for product "Open Webmail"
 2.31
Search vendor "Open Webmail" for product "Open Webmail" and version "2.31"
-
Affected
Open Webmail
Search vendor "Open Webmail"
 Open Webmail
Search vendor "Open Webmail" for product "Open Webmail"
 2.32
Search vendor "Open Webmail" for product "Open Webmail" and version "2.32"
-
Affected
Sgi
Search vendor "Sgi"
 Propack
Search vendor "Sgi" for product "Propack"
 3.0
Search vendor "Sgi" for product "Propack" and version "3.0"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.2.0
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.2.0"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.2.1
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.2.1"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.2.2
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.2.2"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.2.3
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.2.3"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.2.4
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.2.4"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.2.5
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.2.5"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.2.6
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.2.6"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.2.7
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.2.7"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.2.8
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.2.8"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.2.9
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.2.9"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.2.10
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.2.10"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.2.11
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.2.11"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.1
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.1"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.2
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.2"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.3_rc1
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.3_rc1"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.5_dev
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.5_dev"
-
Affected