Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23052

HistoryApr 10, 2020 - 12:14 a.m.

Cross-Site Request Forgery (CSRF)

2020-04-1000:14:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

EPSS

0.012

Percentile

85.5%

squirrelmail is vulnerable to cross-site request forgery. Squirrelmail did not sufficiently check arguments to IMG tags in HTML e-mail messages. This could be exploited by an attacker by sending arbitrary e-mail messages on behalf of a squirrelmail user tricked into opening a maliciously crafted HTML e-mail message.

References

docs.info.apple.com/article.html?artnum=306172

lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

osvdb.org/35889

secunia.com/advisories/25200

secunia.com/advisories/25320

secunia.com/advisories/25787

secunia.com/advisories/26235

www.mandriva.com/security/advisories?name=MDKSA-2007:106

www.novell.com/linux/security/advisories/2007_13_sr.html

www.redhat.com/security/updates/classification/#moderate

www.securityfocus.com/bid/25159

www.squirrelmail.org/security/issue/2007-05-09

www.vupen.com/english/advisories/2007/1748

www.vupen.com/english/advisories/2007/2732

access.redhat.com/errata/RHSA-2007:0358

exchange.xforce.ibmcloud.com/vulnerabilities/34219

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11448

rhn.redhat.com/errata/RHSA-2007-0358.html

EPSS

0.012

Percentile

85.5%

Related for VERACODE:23052

nvd2 cve2 cvelist2 prion2 ubuntucve2 nessus7 centos1 redhat1 openvas2 oraclelinux1 seebug1