CVE-2002-1341

Severity

68%

Complexity

86%

Confidentiality

106%

Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.

Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

SquirrelMail

First reported 22 years ago

2002-12-18 05:00:00

Last updated 7 years ago

2017-07-11 01:29:00

Affected Software

SquirrelMail 1.2.6

1.2.6

SquirrelMail 1.2.7

1.2.7

SquirrelMail 1.2.8

1.2.8

SquirrelMail 1.2.9

1.2.9

SquirrelMail 1.2.10

1.2.10

References

http://f0kp.iplus.ru/bz/008.txt

20021203 SquirrelMail v1.2.9 XSS bugs

20021203 Re: SquirrelMail v1.2.9 XSS bugs

20021215 GLSA: squirrelmail

8220

DSA-220

RHSA-2003:042

Patch, Vendor Advisory

6302

Patch, Vendor Advisory

squirrelmail-readbody-xss(10754)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.