CVE-2006-3174

Published: Jun 23, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

ADV-2007-2732

vdb-entry

x_refsource_VUPEN

18700

vdb-entry

x_refsource_BID

http://pridels0.blogspot.com/2006/06/squirrelmail-151-xss-vuln.html

x_refsource_MISC

APPLE-SA-2007-07-31

vendor-advisory

x_refsource_APPLE

http://docs.info.apple.com/article.html?artnum=306172

x_refsource_CONFIRM

25159

vdb-entry

x_refsource_BID

26610

vdb-entry

x_refsource_OSVDB

squirrelmail-search-xss(26941)

vdb-entry

x_refsource_XF

MDKSA-2006:147

vendor-advisory

x_refsource_MANDRIVA

26235

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2006-3174

Description

Affected Products

References