CVE-2006-0195 : Detail

CVE-2006-0195

1.87%V3
Network
2006-02-23
23h00 +00:00
2017-10-09
22h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Products Mentioned

Configuraton 0

Squirrelmail>>Squirrelmail >> Version 1.4

    Squirrelmail>>Squirrelmail >> Version 1.4.1

    Squirrelmail>>Squirrelmail >> Version 1.4.2

    Squirrelmail>>Squirrelmail >> Version 1.4.3

    Squirrelmail>>Squirrelmail >> Version 1.4.3_r3

      Squirrelmail>>Squirrelmail >> Version 1.4.3_rc1

        Squirrelmail>>Squirrelmail >> Version 1.4.3a

          Squirrelmail>>Squirrelmail >> Version 1.4.4

          Squirrelmail>>Squirrelmail >> Version 1.4.4_rc1

            Squirrelmail>>Squirrelmail >> Version 1.4.5

            Squirrelmail>>Squirrelmail >> Version 1.4.6_rc1

              Squirrelmail>>Squirrelmail >> Version 1.4_rc1

                References

                http://www.mandriva.com/security/advisories?name=MDKSA-2006:049
                Tags : vendor-advisory, x_refsource_MANDRIVA
                http://www.redhat.com/support/errata/RHSA-2006-0283.html
                Tags : vendor-advisory, x_refsource_REDHAT
                http://secunia.com/advisories/19176
                Tags : third-party-advisory, x_refsource_SECUNIA
                http://secunia.com/advisories/20210
                Tags : third-party-advisory, x_refsource_SECUNIA
                http://www.vupen.com/english/advisories/2006/0689
                Tags : vdb-entry, x_refsource_VUPEN
                http://secunia.com/advisories/18985
                Tags : third-party-advisory, x_refsource_SECUNIA
                http://secunia.com/advisories/19205
                Tags : third-party-advisory, x_refsource_SECUNIA
                http://secunia.com/advisories/19960
                Tags : third-party-advisory, x_refsource_SECUNIA
                http://www.securityfocus.com/bid/16756
                Tags : vdb-entry, x_refsource_BID
                http://secunia.com/advisories/19130
                Tags : third-party-advisory, x_refsource_SECUNIA
                http://www.debian.org/security/2006/dsa-988
                Tags : vendor-advisory, x_refsource_DEBIAN
                http://secunia.com/advisories/19131
                Tags : third-party-advisory, x_refsource_SECUNIA
                http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml
                Tags : vendor-advisory, x_refsource_GENTOO
                http://securitytracker.com/id?1015662
                Tags : vdb-entry, x_refsource_SECTRACK