CVE-2006-6142

Severity: MEDIUM

Description

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

References

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc

http://docs.info.apple.com/article.html?artnum=306172

http://fedoranews.org/cms/node/2438

http://fedoranews.org/cms/node/2439

http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

http://secunia.com/advisories/23195

http://secunia.com/advisories/23322

http://secunia.com/advisories/23409

http://secunia.com/advisories/23504

http://secunia.com/advisories/23811

http://secunia.com/advisories/24004

http://secunia.com/advisories/24284

http://secunia.com/advisories/26235

http://securitytracker.com/id?1017327

http://sourceforge.net/project/shownotes.php?release_id=468482

http://squirrelmail.org/security/issue/2006-12-02

http://www.debian.org/security/2006/dsa-1241

http://www.mandriva.com/security/advisories?name=MDKSA-2006:226

http://www.novell.com/linux/security/advisories/2006_29_sr.html

http://www.novell.com/linux/security/advisories/2007_4_sr.html

http://www.redhat.com/support/errata/RHSA-2007-0022.html

http://www.securityfocus.com/bid/21414

http://www.securityfocus.com/bid/25159

http://www.vupen.com/english/advisories/2006/4828

http://www.vupen.com/english/advisories/2007/2732

https://exchange.xforce.ibmcloud.com/vulnerabilities/30693

https://exchange.xforce.ibmcloud.com/vulnerabilities/30694

https://exchange.xforce.ibmcloud.com/vulnerabilities/30695

https://issues.rpath.com/browse/RPL-849

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988

Details

Source: MITRE

Published: 2006-12-05

Updated: 2017-10-11

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM