Vulnerability Assessment & Network Security Forums
If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.
SquirrelMail < 1.4.4 XSS Vulnerabilities
Checks for Three XSS Vulnerabilities in SquirrelMail < 1.4.4

Detailed Explanation for this Vulnerability Assessment

The target is running at least one instance of SquirrelMail whose version number suggests it is vulnerable to one or more cross-site scripting vulnerabilities:

- Insufficient escaping of integer variables in webmail.php permits a remote attacker to include HTML / script into a SquirrelMail webpage (affects 1.4.0-RC1 - 1.4.4-RC1).
- Insufficient checking of incoming URL vars in webmail.php permits an attacker to include arbitrary remote web pages in the SquirrelMail frameset (affects 1.4.0-RC1 - 1.4.4-RC1).
- A recent change in prefs.php permits an attacker to provide a specially crafted URL that could include local code into the SquirrelMail code if and only if PHP's register_globals setting is enabled (affects 1.4.3-RC1 - 1.4.4-RC1).

***** Nessus has determined the vulnerability exists on the target
***** simply by looking at the version number of SquirrelMail
***** installed there.

Solution: Upgrade to SquirrelMail 1.4.4 or later.

Network Security Threat Level: Medium

Network Security ID: 12337

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 George A. Theall
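The version-number check described above, as an added example (not the Nessus plugin's own code): it maps a SquirrelMail version string to the issues whose affected range, as listed above, contains it. The function names, the accepted version formats and the `register_globals` parameter are assumptions made for this illustration.

```python
import re

# (issue, first affected, last affected, requires register_globals)
# Ranges are the inclusive ones given in the description above.
ISSUES = [
    ("webmail.php: insufficient escaping of integer variables",
     "1.4.0-RC1", "1.4.4-RC1", False),
    ("webmail.php: insufficient checking of incoming URL vars",
     "1.4.0-RC1", "1.4.4-RC1", False),
    ("prefs.php: local code inclusion via crafted URL",
     "1.4.3-RC1", "1.4.4-RC1", True),
]

# Assumed version shapes: 1.4.3, 1.4.3a, 1.4.4-RC1
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-RC(\d+))?$", re.I)


def version_key(version):
    """Sortable key in which a release candidate precedes its final release."""
    m = _VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, letter, rc = m.groups()
    stage = (0, int(rc)) if rc else (1, 0)  # RCn sorts before the final release
    return (int(major), int(minor), int(patch), stage, letter.lower())


def applicable_issues(version, register_globals=None):
    """Issues whose affected range contains `version`.

    register_globals: True/False if the PHP setting is known, None if not.
    The prefs.php issue is dropped only when the setting is known to be off.
    """
    key = version_key(version)
    hits = []
    for name, first, last, needs_rg in ISSUES:
        if not version_key(first) <= key <= version_key(last):
            continue
        if needs_rg and register_globals is False:
            continue
        hits.append(name)
    return hits


if __name__ == "__main__":
    # Constructed sample versions, not taken from a real scan.
    for v in ("1.2.11", "1.4.2", "1.4.3a", "1.4.4-RC1", "1.4.4"):
        print(v, applicable_issues(v))
```

Like the check it mirrors, this reports only what the version number suggests; it does not probe the installation itself.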