CVE-2004-0519

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
http://marc.info/?l=bugtraq&m=108334862800260
http://rhn.redhat.com/errata/RHSA-2004-240.html
http://secunia.com/advisories/11531
http://secunia.com/advisories/11686
http://secunia.com/advisories/11870
http://secunia.com/advisories/12289
http://security.gentoo.org/glsa/glsa-200405-16.xml
http://www.debian.org/security/2004/dsa-535
http://www.novell.com/linux/security/advisories/2005_19_sr.html
http://www.securityfocus.com/advisories/6827
http://www.securityfocus.com/archive/1/361857
http://www.securityfocus.com/bid/10246
https://bugzilla.fedora.us/show_bug.cgi?id=1733
https://exchange.xforce.ibmcloud.com/vulnerabilities/16025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

18-08-2004 - 04:00