Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2004-08-06 04:00
Updated : 2024-02-28 10:24
NVD link : CVE-2004-0639
Mitre link : CVE-2004-0639
CVE.ORG link : CVE-2004-0639
JSON object : View
Products Affected
sgi
- propack
open_webmail
- open_webmail
squirrelmail
- squirrelmail
CWE