CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
73.7%
SquirrelMail from SquirrelMail Project is an open source webmail (web-based email).
SquirrelMail contains an issue in processing of sending a message or setting changes, which may result in cross-site request forgery.
A remote attacker may send an arbitrary email or change the settings.
Update the Software
Update to the latest version of SquirrelMail according to the information provided by the developer.
The issue was resolved in SquirrelMail 1.4.20.