Cross-site scripting vulnerability in SquirrelMail - exploit.company
Vendor: SquirrelMail
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 79 (Cross-site scripting)
Product Name: SquirrelMail
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2004-0980
CPE: a:squirrelmail:squirrelmail
Other Scripts:
Platforms Tested:
2004

Cross-site scripting vulnerability in SquirrelMail

SquirrelMail is affected by a cross-site scripting vulnerability in the handling of folder name displays. This issue allows for the inclusion of malicious script code in dynamic web content.

Mitigation:

Apply the vendor-supplied patch or upgrade to a non-vulnerable version of SquirrelMail.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10246/info

It has been reported that SquirrelMail is affected by a cross-site scripting vulnerability in the handling of folder name displays. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content.

This issue may allow for theft of cookie-based authentication credentials. Other attacks are also possible.

http://www.example.com/mail/src/compose.php?mailbox="><script>window.alert(document.cookie)</script>
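
Added example (not part of the original advisory and not SquirrelMail's own code): a Python sketch that flags web-server log entries whose `mailbox` parameter decodes to HTML markup, and shows the value encoded for an HTML attribute context. The log lines are constructed, and `render_folder_field`, the regular expressions and the hidden-field markup are assumptions for illustration; the check covers the `mailbox` parameter on any path, which goes beyond the single compose.php URL shown above.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (combined format); addresses and times are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2004:10:00:00 +0000] "GET /mail/src/compose.php?mailbox=INBOX.Sent HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/May/2004:10:00:05 +0000] "GET /mail/src/compose.php?mailbox=%22%3E%3Cscript%3Ewindow.alert(document.cookie)%3C/script%3E HTTP/1.1" 200 5342',
    '192.0.2.44 - - [01/May/2004:10:00:09 +0000] "GET /mail/src/compose.php?mailbox=%2522%253E%253Cscript%253E HTTP/1.1" 200 5201',
    '192.0.2.10 - - [01/May/2004:10:01:00 +0000] "GET /mail/src/login.php HTTP/1.1" 200 2048',
]

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r'[<>"]')  # characters that close an attribute or open a tag


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_mailbox_requests(log_lines):
    """Return (line_number, decoded_value) for mailbox values containing markup."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for value in parse_qs(query, keep_blank_values=True).get("mailbox", []):
            decoded = fully_decode(value)
            if MARKUP.search(decoded):
                hits.append((n, decoded))
    return hits


def render_folder_field(mailbox):
    """Hypothetical hardened output: encode the folder name for an attribute."""
    return '<input type="hidden" name="mailbox" value="%s">' % html.escape(mailbox, quote=True)
```

Folder names that legitimately contain a double quote or angle bracket will also be flagged, so treat hits as leads to review rather than confirmed attempts.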