Lucene search

MitreCVE-2007-2589

HistoryMay 11, 2007 - 4:20 a.m.

CVE-2007-2589

2007-05-1104:20:00

CWE-352

mitre

web.nvd.nist.gov

cve-2007-2589

csrf

squirrelmail

vulnerability

compose.php

img element

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.012

Percentile

85.5%

JSON

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.

Affected configurations

Nvd

Node

squirrelmailsquirrelmailMatch1.4.0

squirrelmailsquirrelmailMatch1.4.1

squirrelmailsquirrelmailMatch1.4.2

squirrelmailsquirrelmailMatch1.4.3

squirrelmailsquirrelmailMatch1.4.3_r3

squirrelmailsquirrelmailMatch1.4.3_rc1

squirrelmailsquirrelmailMatch1.4.3a

squirrelmailsquirrelmailMatch1.4.3aa

squirrelmailsquirrelmailMatch1.4.4

squirrelmailsquirrelmailMatch1.4.4_rc1

squirrelmailsquirrelmailMatch1.4.5

squirrelmailsquirrelmailMatch1.4.6

squirrelmailsquirrelmailMatch1.4.6_cvs

squirrelmailsquirrelmailMatch1.4.6_rc1

squirrelmailsquirrelmailMatch1.4.7

squirrelmailsquirrelmailMatch1.4.8

squirrelmailsquirrelmailMatch1.4.9

squirrelmailsquirrelmailMatch1.4.9a

VendorProductVersionCPE
squirrelmailsquirrelmail1.4.0cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.1cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.2cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.3cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.3_r3cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.3_rc1cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.3acpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.3aacpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.4cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*
squirrelmailsquirrelmail1.4.4_rc1cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
squirrelmail	squirrelmail	1.4.0	cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:::::::*
squirrelmail	squirrelmail	1.4.1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:::::::*
squirrelmail	squirrelmail	1.4.2	cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:::::::*
squirrelmail	squirrelmail	1.4.3	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:::::::*
squirrelmail	squirrelmail	1.4.3_r3	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:::::::*
squirrelmail	squirrelmail	1.4.3_rc1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:::::::*
squirrelmail	squirrelmail	1.4.3a	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:::::::*
squirrelmail	squirrelmail	1.4.3aa	cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:::::::*
squirrelmail	squirrelmail	1.4.4	cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:::::::*
squirrelmail	squirrelmail	1.4.4_rc1	cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:::::::*