// For flags

CVE-2006-0188

 

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-01-12 CVE Reserved
  • 2006-02-24 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (22)
URL Tag Source
http://secunia.com/advisories/19130 Third Party Advisory
http://secunia.com/advisories/19131 Third Party Advisory
http://secunia.com/advisories/19176 Third Party Advisory
http://secunia.com/advisories/19205 Third Party Advisory
http://secunia.com/advisories/19960 Third Party Advisory
http://secunia.com/advisories/20210 Third Party Advisory
http://securitytracker.com/id?1015662 Vdb Entry
http://www.securityfocus.com/bid/16756 Vdb Entry
http://www.squirrelmail.org/security/issue/2006-02-01 X_refsource_confirm
http://www.vupen.com/english/advisories/2006/0689 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/24847 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10419 Signature
URL Date SRC
URL Date SRC
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc 2017-10-11
http://secunia.com/advisories/18985 2017-10-11
http://www.debian.org/security/2006/dsa-988 2017-10-11
http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml 2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2006:049 2017-10-11
http://www.novell.com/linux/security/advisories/2006_05_sr.html 2017-10-11
http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html 2017-10-11
http://www.redhat.com/support/errata/RHSA-2006-0283.html 2017-10-11
https://access.redhat.com/security/cve/CVE-2006-0188 2006-05-03
https://bugzilla.redhat.com/show_bug.cgi?id=1617876 2006-05-03
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.1
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.1"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.2
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.2"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.3
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.3"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.3_r3
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.3_r3"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.3_rc1
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.3_rc1"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.3a
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.3a"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.4
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.4"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.4_rc1
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.4_rc1"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.5
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.5"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.6_rc1
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.6_rc1"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4_rc1
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4_rc1"
-
Affected