← back
CVE-2004-0639

CVE-2004-0639

EPSS 6.0%
Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/24167unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=257973http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858http://marc.info/?l=bugtraq&m=108611554415078&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/16285http://www.debian.org/security/2004/dsa-535http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txthttp://www.securityfocus.com/bid/10450