Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0519

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2004-0519
Last Modified 21 Aug 2010 12:20:41
Published 18 Aug 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-0519

Summary

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.

Vulnerable Systems

Application

  • Sgi Propack 3.0

  • Squirrelmail 1.0.4

  • Squirrelmail 1.0.5

  • Squirrelmail 1.2.0

  • Squirrelmail 1.2.1

  • Squirrelmail 1.2.10

  • Squirrelmail 1.2.11

  • Squirrelmail 1.2.2

  • Squirrelmail 1.2.3

  • Squirrelmail 1.2.4

  • Squirrelmail 1.2.5

  • Squirrelmail 1.2.6

  • Squirrelmail 1.2.7

  • Squirrelmail 1.2.8

  • Squirrelmail 1.2.9

  • Squirrelmail 1.4

  • Squirrelmail 1.4.1

  • Squirrelmail 1.4.2


References

FEDORA - FEDORA-2004-1733

BID - 10246

FEDORA - FEDORA-2004-160

DEBIAN - DSA-535

SECUNIA - 12289

SECUNIA - 11870

SECUNIA - 11686

SECUNIA - 11531

REDHAT - RHSA-2004:240

SGI - 20040604-01-U

XF - squirrel-composephp-xss(16025)

BUGTRAQ - 20040430 Re: SquirrelMail Cross Scripting Attacks....

SUSE - SUSE-SR:2005:019

GENTOO - GLSA-200405-16

BUGTRAQ - 20040429 SquirrelMail Cross Scripting Attacks....

CONECTIVA - CLA-2004:858


Last Updated: 27 May 2016 10:38:38