
CVE-2009-1578
Date: (C)2009-05-14   (M)2024-02-09


Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING).

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-34916
SECUNIA-35052
SECUNIA-35073
SECUNIA-35140
SECUNIA-35259
SECUNIA-37415
SECUNIA-40220
OSVDB-60468
ADV-2009-1296
ADV-2009-3315
ADV-2010-1481
APPLE-SA-2010-06-15-1
DSA-1802
FEDORA-2009-4870
FEDORA-2009-4875
FEDORA-2009-4880
MDVSA-2009:110
RHSA-2009:1066
http://download.gna.org/nasmail/nasmail-1.7.zip
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/contrib/decrypt_headers.php?r1=13672&r2=13671&pathrev=13672
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/global.php?r1=13670&r2=13669&pathrev=13670
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670
http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13672
http://support.apple.com/kb/HT4188
http://www.squirrelmail.org/security/issue/2009-05-08
http://www.squirrelmail.org/security/issue/2009-05-09
https://bugzilla.redhat.com/show_bug.cgi?id=500363
https://gna.org/forum/forum.php?forum_id=2146
oval:org.mitre.oval:def:11624
squirrelmail-decryptheaders-xss(50460)
squirrelmail-phpself-xss(50459)

CPE    1
cpe:/a:squirrelmail:squirrelmail
CWE    1
CWE-79
OVAL    12
oval:org.secpod.oval:def:200571
oval:org.secpod.oval:def:600347
oval:org.secpod.oval:def:202188
oval:org.secpod.oval:def:202170
...

© SecPod Technologies