2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.019 Low
EPSS
Percentile
88.5%
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail
1.5.1 and earlier, when register_globals is enabled, allows remote
attackers to inject arbitrary HTML via the mailbox parameter.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.10 | noarch | squirrelmail | < 1.4.8-1ubuntu0.1 | UNKNOWN |
ubuntu | 7.04 | noarch | squirrelmail | < 1.4.9a-1ubuntu0.1 | UNKNOWN |
ubuntu | 7.10 | noarch | squirrelmail | < 1.4.10a-2 | UNKNOWN |
ubuntu | 8.04 | noarch | squirrelmail | < 1.4.10a-2 | UNKNOWN |
ubuntu | 8.10 | noarch | squirrelmail | < 1.4.10a-2 | UNKNOWN |
ubuntu | 9.04 | noarch | squirrelmail | < 1.4.10a-2 | UNKNOWN |
ubuntu | 9.10 | noarch | squirrelmail | < 1.4.10a-2 | UNKNOWN |