Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3128

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-3128
Last Modified 07 Mar 2011 09:25:50
Published 04 Oct 2005 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3128

Summary

Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag.

Vulnerable Systems

Application

  • Squirrelmail Address Add Plugin 1.9

  • Squirrelmail Address Add Plugin 2.0


References

XF - squirrelmail-add-xss(22453)

CONFIRM - http://squirrelmail.org/plugin_view.php?id=101

SECUNIA - 16987

MISC - http://moritz-naumann.com/adv/0002/sqmadd/0002.txt

BUGTRAQ - 20050928 SquirrelMail Address Add Plugin XSS

VUPEN - ADV-2007-2732

BID - 25159

BID - 14973

MANDRIVA - MDKSA-2005:178

SECTRACK - 1014988

SECUNIA - 26235

APPLE - APPLE-SA-2007-07-31

CONFIRM - http://docs.info.apple.com/article.html?artnum=306172

Related Patches

Apple 2007-07-31 Security Update 2007-007 (10.4.10 Server PPC) (Rev 2)

Apple 2007-07-31 Security Update 2007-007 (10.4.10 PPC) (Rev 2)

Apple 2007-07-31 Security Update 2007-007 (10.4.10 Server Universal) (Rev 2)

Apple 2007-07-31 Security Update 2007-007 (10.4.10 Universal) (Rev 2)


Last Updated: 27 May 2016 10:40:48