CVE-2006-6142
Published: Dec 5, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| ADV-2007-2732 | vdb-entry, x_refsource_VUPEN |
| MDKSA-2006:226 | vendor-advisory, x_refsource_MANDRIVA |
| 23195 | third-party-advisory, x_refsource_SECUNIA |
| APPLE-SA-2007-07-31 | vendor-advisory, x_refsource_APPLE |
| RHSA-2007:0022 | vendor-advisory, x_refsource_REDHAT |
| FEDORA-2007-088 | vendor-advisory, x_refsource_FEDORA |
| 23409 | third-party-advisory, x_refsource_SECUNIA |
| oval:org.mitre.oval:def:9988 | vdb-entry, signature, x_refsource_OVAL |
| 23504 | third-party-advisory, x_refsource_SECUNIA |
| 24284 | third-party-advisory, x_refsource_SECUNIA |
| squirrelmail-webmail-compose-xss(30693) | vdb-entry, x_refsource_XF |
| squirrelmail-mimeheader-xss(30695) | vdb-entry, x_refsource_XF |
| 23322 | third-party-advisory, x_refsource_SECUNIA |
| SUSE-SR:2007:004 | vendor-advisory, x_refsource_SUSE |
| squirrelmail-magichtml-messages-xss(30694) | vdb-entry, x_refsource_XF |
| DSA-1241 | vendor-advisory, x_refsource_DEBIAN |
| FEDORA-2007-089 | vendor-advisory, x_refsource_FEDORA |
| 21414 | vdb-entry, x_refsource_BID |
| http://docs.info.apple.com/article.html?artnum=306172 | x_refsource_CONFIRM |
| http://sourceforge.net/project/shownotes.php?release_id=468482 | x_refsource_CONFIRM |
| 24004 | third-party-advisory, x_refsource_SECUNIA |
| 25159 | vdb-entry, x_refsource_BID |
| http://squirrelmail.org/security/issue/2006-12-02 | x_refsource_CONFIRM |
| SUSE-SR:2006:029 | vendor-advisory, x_refsource_SUSE |
| https://issues.rpath.com/browse/RPL-849 | x_refsource_CONFIRM |
| ADV-2006-4828 | vdb-entry, x_refsource_VUPEN |
| 23811 | third-party-advisory, x_refsource_SECUNIA |
| 1017327 | vdb-entry, x_refsource_SECTRACK |
| 26235 | third-party-advisory, x_refsource_SECUNIA |