CVE Vulnerabilities

CVE-2006-6142

Published: Dec 05, 2006 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving a shortcoming in the magicHTML filter.

Affected Software

Name Vendor Start Version End Version
Squirrelmail Squirrelmail 1.4.2 1.4.2
Squirrelmail Squirrelmail 1.4.6_rc1 1.4.6_rc1
Squirrelmail Squirrelmail 1.4.3_r3 1.4.3_r3
Squirrelmail Squirrelmail 1.4.6 1.4.6
Squirrelmail Squirrelmail 1.4.7 1.4.7
Squirrelmail Squirrelmail 1.4.3_rc1 1.4.3_rc1
Squirrelmail Squirrelmail 1.4.4_rc1 1.4.4_rc1
Squirrelmail Squirrelmail 1.4.3 1.4.3
Squirrelmail Squirrelmail 1.4.1 1.4.1
Squirrelmail Squirrelmail 1.4.6_cvs 1.4.6_cvs
Squirrelmail Squirrelmail 1.4 1.4
Squirrelmail Squirrelmail 1.4_rc1 1.4_rc1
Squirrelmail Squirrelmail 1.4.4 1.4.4
Squirrelmail Squirrelmail 1.4.3aa 1.4.3aa
Squirrelmail Squirrelmail 1.4.5 1.4.5

References