Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P
Vendors Products
Gentoo
  • Linux
Squirrelmail
  • Squirrelmail

Configuration 1 [-]

OR cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:1.5_dev:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
References
Link Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000905
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html Vendor Advisory
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html Vendor Advisory
http://marc.info/?l=bugtraq&m=110012133608004&w=2
http://voxel.dl.sourceforge.net/sourceforge/squirrelmail/sm143a-xss.diff
http://www.gentoo.org/security/en/glsa/glsa-200411-25.xml Patch Vendor Advisory
http://www.squirrelmail.org/
https://exchange.xforce.ibmcloud.com/vulnerabilities/18031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9592
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-11-16T05:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2004-11-15T00:00:00

Link: CVE-2004-1036

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2005-03-01T05:00:00.000

Modified: 2017-10-11T01:29:40.373

Link: CVE-2004-1036

JSON object: View

cve-icon Redhat Information

No data.

CWE