Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects a network security issue for the vulnerability below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, CERT's Network Security recovery document describes the recommended steps for system recovery.




Vulnerability Assessment Details

SquirrelMail < 1.4.4 XSS Vulnerabilities

Vulnerability Assessment Summary
Checks for Three XSS Vulnerabilities in SquirrelMail < 1.4.4

Detailed Explanation for this Vulnerability Assessment

The target is running at least one instance of SquirrelMail whose
version number suggests it is vulnerable to one or more cross-site
scripting vulnerabilities:

- Insufficient escaping of integer variables in webmail.php permits a
remote attacker to include HTML / script into a SquirrelMail webpage
(affects 1.4.0-RC1 - 1.4.4-RC1).

- Insufficient checking of incoming URL vars in webmail.php permits an
attacker to include arbitrary remote web pages in the SquirrelMail
frameset (affects 1.4.0-RC1 - 1.4.4-RC1).

- A recent change in prefs.php permits an attacker to provide a
specially crafted URL that could include local code into the
SquirrelMail code, but only if PHP's register_globals setting is
enabled (affects 1.4.3-RC1 - 1.4.4-RC1).

***** Nessus has ascertained that the vulnerability exists on the target
***** simply by looking at the version number of the SquirrelMail
***** instance installed there.
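As an added illustration (not the Nessus plugin's own code), the following Python reproduces a version-based check of this kind: it parses a SquirrelMail version string, orders release candidates before the final release of the same number, and maps the version onto the three affected ranges quoted above. The issue names are my own labels for those ranges, and the handling of a trailing letter revision (1.4.3a sorting after 1.4.3) is an assumption about the numbering style.

```python
import re
from typing import List, Tuple

# Affected ranges (inclusive) as quoted in the advisory text above.
# The issue names are labels chosen here, not Nessus identifiers.
ISSUES = {
    "webmail.php integer-variable XSS": ("1.4.0-RC1", "1.4.4-RC1"),
    "webmail.php remote frameset inclusion": ("1.4.0-RC1", "1.4.4-RC1"),
    "prefs.php local inclusion (register_globals)": ("1.4.3-RC1", "1.4.4-RC1"),
}
FIXED_IN = "1.4.4"  # "Upgrade to SquirrelMail 1.4.4 or later."

# major.minor.patch, optional letter revision, optional -RCn suffix
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z])?(?:-RC(\d+))?$", re.I)


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn a SquirrelMail version string into a sortable tuple.

    A release candidate sorts before the final release with the same number
    (1.4.4-RC1 < 1.4.4); a letter revision sorts after its base (1.4.3 < 1.4.3a).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised SquirrelMail version: {text!r}")
    major, minor, patch, letter, rc = m.groups()
    letter_rank = (ord(letter.lower()) - ord("a") + 1) if letter else 0
    # Final releases get a large sentinel so every RC of that number sorts below.
    rc_rank = int(rc) if rc else 10**6
    return (int(major), int(minor), int(patch), letter_rank, rc_rank)


def needs_upgrade(version: str) -> bool:
    """The plugin's actual test: any version older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_IN)


def affected_issues(version: str) -> List[str]:
    """Names of the advisory's issues whose affected range covers `version`."""
    v = parse_version(version)
    return [name for name, (lo, hi) in ISSUES.items()
            if parse_version(lo) <= v <= parse_version(hi)]


if __name__ == "__main__":
    # Constructed sample banners, as a scanner might read them from a login page.
    for sample in ["1.3.2", "1.4.2", "1.4.3-RC1", "1.4.3a", "1.4.4-RC1", "1.4.4"]:
        print(f"{sample:10} upgrade={needs_upgrade(sample)} issues={affected_issues(sample)}")
```

Note that the plugin's version-only test (anything below 1.4.4) also flags releases older than 1.4.0-RC1, which none of the three listed ranges cover; that is the imprecision the banner note above is warning about.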

Solution : Upgrade to SquirrelMail 1.4.4 or later.
Network Security Threat Level: Medium

Network Security ID: 12337

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 George A. Theall


Discussions

No Discussions have been posted on this vulnerability.