// For flags

CVE-2006-0195

 

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-01-13 CVE Reserved
  • 2006-02-24 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (22)
URL Tag Source
http://secunia.com/advisories/19130 Third Party Advisory
http://secunia.com/advisories/19131 Third Party Advisory
http://secunia.com/advisories/19176 Third Party Advisory
http://secunia.com/advisories/19205 Third Party Advisory
http://secunia.com/advisories/19960 Third Party Advisory
http://secunia.com/advisories/20210 Third Party Advisory
http://securitytracker.com/id?1015662 Vdb Entry
http://www.securityfocus.com/bid/16756 Vdb Entry
http://www.squirrelmail.org/security/issue/2006-02-10 X_refsource_confirm
http://www.vupen.com/english/advisories/2006/0689 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/24848 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9548 Signature
URL Date SRC
URL Date SRC
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc 2017-10-11
http://secunia.com/advisories/18985 2017-10-11
http://www.debian.org/security/2006/dsa-988 2017-10-11
http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml 2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2006:049 2017-10-11
http://www.novell.com/linux/security/advisories/2006_05_sr.html 2017-10-11
http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html 2017-10-11
http://www.redhat.com/support/errata/RHSA-2006-0283.html 2017-10-11
https://access.redhat.com/security/cve/CVE-2006-0195 2006-05-03
https://bugzilla.redhat.com/show_bug.cgi?id=1617877 2006-05-03
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.1
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.1"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.2
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.2"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.3
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.3"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.3_r3
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.3_r3"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.3_rc1
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.3_rc1"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.3a
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.3a"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.4
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.4"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.4_rc1
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.4_rc1"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.5
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.5"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4.6_rc1
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4.6_rc1"
-
Affected
Squirrelmail
Search vendor "Squirrelmail"
 Squirrelmail
Search vendor "Squirrelmail" for product "Squirrelmail"
 1.4_rc1
Search vendor "Squirrelmail" for product "Squirrelmail" and version "1.4_rc1"
-
Affected