Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2004-0519 | First vendor Publication | 2004-08-18 |
Vendor | Cve | Last vendor Modification | 2017-10-11 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0519 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1006 | |||
Oval ID: | oval:org.mitre.oval:def:1006 | ||
Title: | SquirrelMail Cross-site Scripting Vulnerability I | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0519 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | SquirrelMail |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:10274 | |||
Oval ID: | oval:org.mitre.oval:def:10274 | ||
Title: | Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0519 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3, CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200405-16 (SquirrelMail) File : nvt/glsa_200405_16.nasl |
2008-09-04 | Name : FreeBSD Ports: openwebmail File : nvt/freebsd_openwebmail.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 535-1 (squirrelmail) File : nvt/deb_535_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
6337 | SquirrelMail compose.php Multiple Parameter XSS: SquirrelMail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate mailbox variables upon submission to the compose.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c5519420cec211d88898000d6111a684.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-535.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200405-16.nasl - Type : ACT_GATHER_INFO |
2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-159.nasl - Type : ACT_GATHER_INFO |
2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-160.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2004-240.nasl - Type : ACT_GATHER_INFO |
2004-05-05 | Name : The remote service is vulnerable to injection attacks allowing command execut... File : squirrelmail_143.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:02:20 | |
2021-04-22 01:02:29 | |
2020-05-23 00:15:48 | |
2017-10-11 09:23:21 | |
2017-07-11 12:01:27 | |
2016-10-18 12:01:20 | |
2016-04-26 12:50:38 | |
2014-02-17 10:27:37 | |
2013-05-11 11:41:57 | |