SquirrelMail 1.5.2

CPE Details

2019-07-11 09h24 +00:00

CPE Name: cpe:2.3:a:squirrelmail:squirrelmail:1.5.2:*:*:*:*:*:*:*

Information

Vendor: squirrelmail

Product: squirrelmail

Version: 1.5.2

Related CVE

| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2019-12970 | 2019-07-01 08h32 +00:00 | XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element. | 6.1 | Medium |
| CVE-2009-1578 | 2009-05-14 15h00 +00:00 | Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING). | 4.3 | |
| CVE-2009-1579 | 2009-05-14 15h00 +00:00 | The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. | 6.8 | |
| CVE-2009-1581 | 2009-05-14 15h00 +00:00 | functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message. | 4.3 | |