6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.3 Medium
AI Score
Confidence
High
0.023 Low
EPSS
Percentile
89.7%
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
marc.info/?l=bugtraq&m=108334862800260
rhn.redhat.com/errata/RHSA-2004-240.html
secunia.com/advisories/11531
secunia.com/advisories/11686
secunia.com/advisories/11870
secunia.com/advisories/12289
security.gentoo.org/glsa/glsa-200405-16.xml
www.debian.org/security/2004/dsa-535
www.novell.com/linux/security/advisories/2005_19_sr.html
www.securityfocus.com/advisories/6827
www.securityfocus.com/archive/1/361857
www.securityfocus.com/bid/10246
bugzilla.fedora.us/show_bug.cgi?id=1733
exchange.xforce.ibmcloud.com/vulnerabilities/16025
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274