PT-2004-1631 · Squirrelmail · Squirrelmail

Alvin Alex

Published

2004-06-03

Updated

2017-10-11

CVE-2004-0519

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SquirrelMail version 1.4.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary script as other users, potentially leading to the theft of authentication information. The mailbox parameter in the compose.php file is one of the attack vectors.

Recommendations For SquirrelMail version 1.4.2, consider disabling access to the compose.php file or restricting the use of the mailbox parameter until a fix is available. Avoid using the mailbox parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0519

DSA-535

RHSA-2004:240

Affected Products

Squirrelmail

PT-2004-1631 · Squirrelmail · Squirrelmail

CVE-2004-0519

Related Identifiers

Affected Products

References · 21