SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2009-1581

Date: (C)2009-05-14 (M)2024-02-09

functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:

APPLE-SA-2010-06-15-1

FEDORA-2009-4870

FEDORA-2009-4875

FEDORA-2009-4880

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667

http://support.apple.com/kb/HT4188

http://www.squirrelmail.org/security/issue/2009-05-12

https://bugzilla.redhat.com/show_bug.cgi?id=500356

oval:org.mitre.oval:def:10441

squirrelmail-css-xss(50463)

cpe:/a:squirrelmail:squirrelmail

oval:org.secpod.oval:def:200571
oval:org.secpod.oval:def:600347
oval:org.secpod.oval:def:202188
oval:org.secpod.oval:def:202170
...

© SecPod Technologies