Lucene search

[email protected]NVD:CVE-2006-3174

HistoryJun 23, 2006 - 12:02 a.m.

CVE-2006-3174

2006-06-2300:02:00

[email protected]

web.nvd.nist.gov

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.5%

JSON

Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.

Affected configurations

NVD

Node

squirrelmailsquirrelmailRange≤1.5.1

References

docs.info.apple.com/article.html?artnum=306172

lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

pridels0.blogspot.com/2006/06/squirrelmail-151-xss-vuln.html

secunia.com/advisories/26235

www.mandriva.com/security/advisories?name=MDKSA-2006:147

www.osvdb.org/26610

www.securityfocus.com/bid/18700

www.securityfocus.com/bid/25159

www.vupen.com/english/advisories/2007/2732

exchange.xforce.ibmcloud.com/vulnerabilities/26941

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.5%

JSON

Related for NVD:CVE-2006-3174

cve1 ubuntucve1 nessus2 redhatcve1 cvelist1 oraclelinux1 fedora1 openvas2 seebug1