Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0188

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-0188
Last Modified 07 Mar 2011 09:29:32
Published 23 Feb 2006 07:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0188

Summary

webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.

Vulnerable Systems

Application

  • Squirrelmail 1.4

  • Squirrelmail 1.4 Rc1

  • Squirrelmail 1.4.1

  • Squirrelmail 1.4.2

  • Squirrelmail 1.4.3

  • Squirrelmail 1.4.3 R3

  • Squirrelmail 1.4.3 Rc1

  • Squirrelmail 1.4.3a

  • Squirrelmail 1.4.4

  • Squirrelmail 1.4.4 Rc1

  • Squirrelmail 1.4.5

  • Squirrelmail 1.4.6 Rc1


References

XF - squirrelmail-webmail-xss(24847)

VUPEN - ADV-2006-0689

CONFIRM - http://www.squirrelmail.org/security/issue/2006-02-01

BID - 16756

SECTRACK - 1015662

SECUNIA - 18985

REDHAT - RHSA-2006:0283

FEDORA - FEDORA-2006-133

SUSE - SUSE-SR:2006:005

MANDRIVA - MDKSA-2006:049

GENTOO - GLSA-200603-09

DEBIAN - DSA-988

SECUNIA - 20210

SECUNIA - 19960

SECUNIA - 19205

SECUNIA - 19176

SECUNIA - 19131

SECUNIA - 19130

SGI - 20060501-01-U


Last Updated: 27 May 2016 10:41:34