Vulnerability Details : CVE-2004-0520
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2004-0520
Probability of exploitation activity in the next 30 days: 1.84%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-0520
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2004-0520
- http://marc.info/?l=squirrelmail-cvs&m=108532891231712
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766
-
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2004-240.html
Patch;Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012
-
http://www.securityfocus.com/advisories/6827
Patch;Vendor Advisory
- https://bugzilla.fedora.us/show_bug.cgi?id=1733
-
http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml
Vendor Advisory
- ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
- http://marc.info/?l=bugtraq&m=108611554415078&w=2
-
http://www.debian.org/security/2004/dsa-535
Patch;Vendor Advisory
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
-
http://www.securityfocus.com/bid/10439
Exploit;Patch
Products affected by CVE-2004-0520
- cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.5_dev:*:*:*:*:*:*:*
- cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*
- cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*
- cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*