CVE-2004-0520 : Detail

Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 24160

Publication date : 2004-05-30 22h00 +00:00
Author : Roman Medina
EDB Verified : Yes

Products Mentioned

Configuraton 0

Open_webmail>>Open_webmail >> Version 2.30

Open_webmail>>Open_webmail >> Version 2.31

Open_webmail>>Open_webmail >> Version 2.32

Sgi>>Propack >> Version 3.0

Squirrelmail>>Squirrelmail >> Version 1.2.0

Squirrelmail>>Squirrelmail >> Version 1.2.1

Squirrelmail>>Squirrelmail >> Version 1.2.2

Squirrelmail>>Squirrelmail >> Version 1.2.3

Squirrelmail>>Squirrelmail >> Version 1.2.4

Squirrelmail>>Squirrelmail >> Version 1.2.5

Squirrelmail>>Squirrelmail >> Version 1.2.6

Squirrelmail>>Squirrelmail >> Version 1.2.7

Squirrelmail>>Squirrelmail >> Version 1.2.8

Squirrelmail>>Squirrelmail >> Version 1.2.9

Squirrelmail>>Squirrelmail >> Version 1.2.10

Squirrelmail>>Squirrelmail >> Version 1.2.11

Squirrelmail>>Squirrelmail >> Version 1.4

Squirrelmail>>Squirrelmail >> Version 1.4.1

Squirrelmail>>Squirrelmail >> Version 1.4.2

Squirrelmail>>Squirrelmail >> Version 1.4.3_rc1

Squirrelmail>>Squirrelmail >> Version 1.5_dev

References