Vulnerability-Lookup

CVE-2008-2379 (GCVE-0-2008-2379)

Vulnerability from cvelistv5 – Published: 2008-12-05 00:00 – Updated: 2024-08-07 08:58

Summary

Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/33937	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/33071	third-party-advisoryx_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/33054	third-party-advisoryx_refsource_SECUNIA
	http://support.apple.com/kb/HT3438	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.vupen.com/english/advisories/2008/3332	vdb-entryx_refsource_VUPEN
	http://www.debian.org/security/2008/dsa-1682	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/bid/32603	vdb-entryx_refsource_BID
	http://secunia.com/advisories/32143	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://security-net.biz/wsw/index.php?p=254&n=190	x_refsource_MISC
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.squirrelmail.org/index.php	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:58:02.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:9764",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764"
          },
          {
            "name": "33937",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33937"
          },
          {
            "name": "33071",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33071"
          },
          {
            "name": "FEDORA-2008-10918",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html"
          },
          {
            "name": "33054",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33054"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3438"
          },
          {
            "name": "APPLE-SA-2009-02-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
          },
          {
            "name": "ADV-2008-3332",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3332"
          },
          {
            "name": "DSA-1682",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1682"
          },
          {
            "name": "SUSE-SR:2008:027",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
          },
          {
            "name": "32603",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32603"
          },
          {
            "name": "32143",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32143"
          },
          {
            "name": "squirrelmail-html-xss(47024)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47024"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://security-net.biz/wsw/index.php?p=254\u0026n=190"
          },
          {
            "name": "FEDORA-2008-10740",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.squirrelmail.org/index.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:9764",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764"
        },
        {
          "name": "33937",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33937"
        },
        {
          "name": "33071",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33071"
        },
        {
          "name": "FEDORA-2008-10918",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html"
        },
        {
          "name": "33054",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33054"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3438"
        },
        {
          "name": "APPLE-SA-2009-02-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
        },
        {
          "name": "ADV-2008-3332",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3332"
        },
        {
          "name": "DSA-1682",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1682"
        },
        {
          "name": "SUSE-SR:2008:027",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
        },
        {
          "name": "32603",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32603"
        },
        {
          "name": "32143",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32143"
        },
        {
          "name": "squirrelmail-html-xss(47024)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47024"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://security-net.biz/wsw/index.php?p=254\u0026n=190"
        },
        {
          "name": "FEDORA-2008-10740",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.squirrelmail.org/index.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2379",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:9764",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764"
            },
            {
              "name": "33937",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "33071",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33071"
            },
            {
              "name": "FEDORA-2008-10918",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html"
            },
            {
              "name": "33054",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33054"
            },
            {
              "name": "http://support.apple.com/kb/HT3438",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "ADV-2008-3332",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3332"
            },
            {
              "name": "DSA-1682",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1682"
            },
            {
              "name": "SUSE-SR:2008:027",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
            },
            {
              "name": "32603",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32603"
            },
            {
              "name": "32143",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32143"
            },
            {
              "name": "squirrelmail-html-xss(47024)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47024"
            },
            {
              "name": "http://security-net.biz/wsw/index.php?p=254\u0026n=190",
              "refsource": "MISC",
              "url": "http://security-net.biz/wsw/index.php?p=254\u0026n=190"
            },
            {
              "name": "FEDORA-2008-10740",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html"
            },
            {
              "name": "http://www.squirrelmail.org/index.php",
              "refsource": "CONFIRM",
              "url": "http://www.squirrelmail.org/index.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2379",
    "datePublished": "2008-12-05T00:00:00.000Z",
    "dateReserved": "2008-05-21T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:58:02.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-579

Vulnerability from certfr_avis - Published: 2008-12-04 - Updated: 2008-12-04

Une vulnérabilité présente dans SquirrelMail permet à un utilisateur distant de conduire une attaque de type injection de code indirecte (Cross-site scripting).

Description

Une erreur est présente dans SquirrelMail. Elle est due à un manque de contrôle du code HTML inclus dans certains courriels. Il est donc possible à un utilisateur distant malintentionné de conduire une attaque de type injection de code indirecte par le biais d'un courriel construit de façon particulière ouvert par un utilisateur du SquirrelMail vulnérable.

NB: l'option Show HTML Version by Default devra être activée dans les paramètres d'affichage pour que l'exploitation de cette vulnérabilité réussisse.

Solution

La version 1.4.17 de SquirrelMail corrige le problème :

http://www.squirrelmail.org/download

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

SquirrelMail versions 1.4.16 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Liste des changements apportés à la version 1.4.17 de SquirrelMail	None	vendor-advisory
Site de SquirrelMail :	-	other
Liste des changements apportés à la version 1.4.17 de SquirrelMail :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSquirrelMail versions 1.4.16 et  ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nUne erreur est pr\u00e9sente dans SquirrelMail. Elle est due \u00e0 un manque de\ncontr\u00f4le du code HTML inclus dans certains courriels. Il est donc\npossible \u00e0 un utilisateur distant malintentionn\u00e9 de conduire une attaque\nde type injection de code indirecte par le biais d\u0027un courriel construit\nde fa\u00e7on particuli\u00e8re ouvert par un utilisateur du SquirrelMail\nvuln\u00e9rable.\n\nNB: l\u0027option Show HTML Version by Default devra \u00eatre activ\u00e9e dans les\nparam\u00e8tres d\u0027affichage pour que l\u0027exploitation de cette vuln\u00e9rabilit\u00e9\nr\u00e9ussisse.\n\n## Solution\n\nLa version 1.4.17 de SquirrelMail corrige le probl\u00e8me :\n\n    http://www.squirrelmail.org/download\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2379"
    }
  ],
  "initial_release_date": "2008-12-04T00:00:00",
  "last_revision_date": "2008-12-04T00:00:00",
  "links": [
    {
      "title": "Site de SquirrelMail :",
      "url": "http://www.squirrelmail.org"
    },
    {
      "title": "Liste des changements apport\u00e9s \u00e0 la version 1.4.17 de    SquirrelMail :",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=644750\u0026group_id=311"
    }
  ],
  "reference": "CERTA-2008-AVI-579",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-12-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans SquirrelMail permet \u00e0 un utilisateur\ndistant de conduire une attaque de type injection de code indirecte\n(\u003cspan class=\"textit\"\u003eCross-site scripting\u003c/span\u003e).\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans SquirrelMail",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Liste des changements apport\u00e9s \u00e0 la version 1.4.17 de SquirrelMail",
      "url": null
    }
  ]
}

CERTA-2009-AVI-068

Vulnerability from certfr_avis - Published: 2009-02-13 - Updated: 2009-02-13

De multiples vulnérabilités ont été découvertes dans le système Mac OS X d'Apple. L'exploitation de ces vulnérabilités permet un grand nombre d'actions, dont l'exécution de code arbitraire à distance.

Description

Apple vient de publier des mises à jour pour son système d'exploitation Mac OS X. Ces correctifs concernent la mise à jour de plusieurs applicatifs :

AFP Server ;
Apple Pixlet Video ;
Carbon Core ;
CFNetwork ;
Certificate Assistant ;
ClamAV ;
CoreText ;
CUPS ;
DS Tools ;
fetchmail ;
Folder Manager ;
FSEvents ;
Network Time ;
perl ;
Printing ;
python ;
Remote Apple Events ;
Safari RSS ;
servermgrd ;
SMB ;
SquirrelMail ;
X11 ;
Xterm.

L'exploitation des différentes vulnérabilités permet d'effectuer un grand nombre d'actions malveillantes, dont l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Mac OS X versions 10.5.6 et antérieures ;
	Apple	N/A	Mac OS X versions 10.4.11 et antérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 2009-001 du 12 février 2009	None	vendor-advisory
Bulletin de sécurité Apple HT3438 du 12 février 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X versions 10.5.6 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X versions 10.4.11 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nApple vient de publier des mises \u00e0 jour pour son syst\u00e8me d\u0027exploitation\nMac OS X. Ces correctifs concernent la mise \u00e0 jour de plusieurs\napplicatifs :\n\n-   AFP Server ;\n-   Apple Pixlet Video ;\n-   Carbon Core ;\n-   CFNetwork ;\n-   Certificate Assistant ;\n-   ClamAV ;\n-   CoreText ;\n-   CUPS ;\n-   DS Tools ;\n-   fetchmail ;\n-   Folder Manager ;\n-   FSEvents ;\n-   Network Time ;\n-   perl ;\n-   Printing ;\n-   python ;\n-   Remote Apple Events ;\n-   Safari RSS ;\n-   servermgrd ;\n-   SMB ;\n-   SquirrelMail ;\n-   X11 ;\n-   Xterm.\n\nL\u0027exploitation des diff\u00e9rentes vuln\u00e9rabilit\u00e9s permet d\u0027effectuer un\ngrand nombre d\u0027actions malveillantes, dont l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2316"
    },
    {
      "name": "CVE-2008-2361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2361"
    },
    {
      "name": "CVE-2008-2379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2379"
    },
    {
      "name": "CVE-2008-1808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1808"
    },
    {
      "name": "CVE-2009-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0020"
    },
    {
      "name": "CVE-2009-0012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0012"
    },
    {
      "name": "CVE-2008-3663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3663"
    },
    {
      "name": "CVE-2009-0141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0141"
    },
    {
      "name": "CVE-2008-3142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3142"
    },
    {
      "name": "CVE-2007-4565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4565"
    },
    {
      "name": "CVE-2007-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
    },
    {
      "name": "CVE-2009-0139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0139"
    },
    {
      "name": "CVE-2008-4864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4864"
    },
    {
      "name": "CVE-2009-0019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0019"
    },
    {
      "name": "CVE-2008-1679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1679"
    },
    {
      "name": "CVE-2008-2711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2711"
    },
    {
      "name": "CVE-2008-3144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3144"
    },
    {
      "name": "CVE-2008-2362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2362"
    },
    {
      "name": "CVE-2009-0018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0018"
    },
    {
      "name": "CVE-2009-0140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0140"
    },
    {
      "name": "CVE-2009-0015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0015"
    },
    {
      "name": "CVE-2008-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1379"
    },
    {
      "name": "CVE-2008-5031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5031"
    },
    {
      "name": "CVE-2008-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1721"
    },
    {
      "name": "CVE-2008-5050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5050"
    },
    {
      "name": "CVE-2006-1861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1861"
    },
    {
      "name": "CVE-2008-1927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1927"
    },
    {
      "name": "CVE-2007-1667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1667"
    },
    {
      "name": "CVE-2008-5183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5183"
    },
    {
      "name": "CVE-2009-0138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0138"
    },
    {
      "name": "CVE-2009-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0014"
    },
    {
      "name": "CVE-2009-0009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0009"
    },
    {
      "name": "CVE-2009-0137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0137"
    },
    {
      "name": "CVE-2008-2360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2360"
    },
    {
      "name": "CVE-2009-0142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0142"
    },
    {
      "name": "CVE-2007-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4965"
    },
    {
      "name": "CVE-2009-0011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0011"
    },
    {
      "name": "CVE-2008-5314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5314"
    },
    {
      "name": "CVE-2008-1807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1807"
    },
    {
      "name": "CVE-2008-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1887"
    },
    {
      "name": "CVE-2008-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1377"
    },
    {
      "name": "CVE-2007-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
    },
    {
      "name": "CVE-2008-2315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2315"
    },
    {
      "name": "CVE-2009-0013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0013"
    },
    {
      "name": "CVE-2009-0017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0017"
    },
    {
      "name": "CVE-2006-3467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3467"
    },
    {
      "name": "CVE-2008-1806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1806"
    }
  ],
  "initial_release_date": "2009-02-13T00:00:00",
  "last_revision_date": "2009-02-13T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3438 du 12 f\u00e9vrier 2009 :",
      "url": "http://support.apple.com/kb/HT3438"
    }
  ],
  "reference": "CERTA-2009-AVI-068",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me Mac OS X\nd\u0027Apple. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet un grand nombre\nd\u0027actions, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2009-001 du 12 f\u00e9vrier 2009",
      "url": null
    }
  ]
}

GSD-2008-2379

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.

Aliases

CVE-2008-2379

Aliases

CVE-2008-2379

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2379",
    "description": "Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.",
    "id": "GSD-2008-2379",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-2379.html",
      "https://www.debian.org/security/2008/dsa-1682",
      "https://access.redhat.com/errata/RHSA-2009:0010",
      "https://linux.oracle.com/cve/CVE-2008-2379.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2379"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.",
      "id": "GSD-2008-2379",
      "modified": "2023-12-13T01:23:00.425867Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-2379",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:9764",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764"
          },
          {
            "name": "33937",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33937"
          },
          {
            "name": "33071",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33071"
          },
          {
            "name": "FEDORA-2008-10918",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html"
          },
          {
            "name": "33054",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33054"
          },
          {
            "name": "http://support.apple.com/kb/HT3438",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3438"
          },
          {
            "name": "APPLE-SA-2009-02-12",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
          },
          {
            "name": "ADV-2008-3332",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/3332"
          },
          {
            "name": "DSA-1682",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1682"
          },
          {
            "name": "SUSE-SR:2008:027",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
          },
          {
            "name": "32603",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/32603"
          },
          {
            "name": "32143",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32143"
          },
          {
            "name": "squirrelmail-html-xss(47024)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47024"
          },
          {
            "name": "http://security-net.biz/wsw/index.php?p=254\u0026n=190",
            "refsource": "MISC",
            "url": "http://security-net.biz/wsw/index.php?p=254\u0026n=190"
          },
          {
            "name": "FEDORA-2008-10740",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html"
          },
          {
            "name": "http://www.squirrelmail.org/index.php",
            "refsource": "CONFIRM",
            "url": "http://www.squirrelmail.org/index.php"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.4.16",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0_rc3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2379"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://security-net.biz/wsw/index.php?p=254\u0026n=190",
              "refsource": "MISC",
              "tags": [],
              "url": "http://security-net.biz/wsw/index.php?p=254\u0026n=190"
            },
            {
              "name": "32143",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32143"
            },
            {
              "name": "http://www.squirrelmail.org/index.php",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.squirrelmail.org/index.php"
            },
            {
              "name": "32603",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/32603"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "33937",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "33054",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33054"
            },
            {
              "name": "SUSE-SR:2008:027",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
            },
            {
              "name": "FEDORA-2008-10918",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html"
            },
            {
              "name": "DSA-1682",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1682"
            },
            {
              "name": "FEDORA-2008-10740",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html"
            },
            {
              "name": "33071",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33071"
            },
            {
              "name": "http://support.apple.com/kb/HT3438",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "ADV-2008-3332",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/3332"
            },
            {
              "name": "squirrelmail-html-xss(47024)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47024"
            },
            {
              "name": "oval:org.mitre.oval:def:9764",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-29T01:31Z",
      "publishedDate": "2008-12-05T00:30Z"
    }
  }
}

FKIE_CVE-2008-2379

Vulnerability from fkie_nvd - Published: 2008-12-05 00:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
cve@mitre.org	http://secunia.com/advisories/32143	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/33054
cve@mitre.org	http://secunia.com/advisories/33071
cve@mitre.org	http://secunia.com/advisories/33937
cve@mitre.org	http://security-net.biz/wsw/index.php?p=254&n=190
cve@mitre.org	http://support.apple.com/kb/HT3438
cve@mitre.org	http://www.debian.org/security/2008/dsa-1682
cve@mitre.org	http://www.securityfocus.com/bid/32603
cve@mitre.org	http://www.squirrelmail.org/index.php
cve@mitre.org	http://www.vupen.com/english/advisories/2008/3332
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/47024
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32143	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33054
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33071
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33937
af854a3a-2127-422b-91ae-364da2661108	http://security-net.biz/wsw/index.php?p=254&n=190
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3438
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1682
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32603
af854a3a-2127-422b-91ae-364da2661108	http://www.squirrelmail.org/index.php
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/3332
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/47024
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html

Impacted products

Vendor	Product	Version
squirrelmail	squirrelmail	*
squirrelmail	squirrelmail	0.1
squirrelmail	squirrelmail	0.1.1
squirrelmail	squirrelmail	0.1.2
squirrelmail	squirrelmail	0.2
squirrelmail	squirrelmail	0.2.1
squirrelmail	squirrelmail	0.3
squirrelmail	squirrelmail	0.3.1
squirrelmail	squirrelmail	0.3pre1
squirrelmail	squirrelmail	0.3pre2
squirrelmail	squirrelmail	0.4
squirrelmail	squirrelmail	0.4pre1
squirrelmail	squirrelmail	0.4pre2
squirrelmail	squirrelmail	0.5
squirrelmail	squirrelmail	0.5pre1
squirrelmail	squirrelmail	0.5pre2
squirrelmail	squirrelmail	1.0
squirrelmail	squirrelmail	1.0.1
squirrelmail	squirrelmail	1.0.2
squirrelmail	squirrelmail	1.0.3
squirrelmail	squirrelmail	1.0.4
squirrelmail	squirrelmail	1.0.5
squirrelmail	squirrelmail	1.0.6
squirrelmail	squirrelmail	1.0pre1
squirrelmail	squirrelmail	1.0pre2
squirrelmail	squirrelmail	1.0pre3
squirrelmail	squirrelmail	1.1.0
squirrelmail	squirrelmail	1.1.1
squirrelmail	squirrelmail	1.1.2
squirrelmail	squirrelmail	1.1.3
squirrelmail	squirrelmail	1.2.0
squirrelmail	squirrelmail	1.2.0_rc3
squirrelmail	squirrelmail	1.2.1
squirrelmail	squirrelmail	1.2.2
squirrelmail	squirrelmail	1.2.3
squirrelmail	squirrelmail	1.2.4
squirrelmail	squirrelmail	1.2.5
squirrelmail	squirrelmail	1.2.6
squirrelmail	squirrelmail	1.2.7
squirrelmail	squirrelmail	1.3.0
squirrelmail	squirrelmail	1.3.1
squirrelmail	squirrelmail	1.3.2
squirrelmail	squirrelmail	1.4.0
squirrelmail	squirrelmail	1.4.0_rc1
squirrelmail	squirrelmail	1.4.0_rc2a
squirrelmail	squirrelmail	1.4.1
squirrelmail	squirrelmail	1.4.2
squirrelmail	squirrelmail	1.4.3
squirrelmail	squirrelmail	1.4.3_rc1
squirrelmail	squirrelmail	1.4.3a
squirrelmail	squirrelmail	1.4.4
squirrelmail	squirrelmail	1.4.4_rc1
squirrelmail	squirrelmail	1.4.5
squirrelmail	squirrelmail	1.4.5_rc1
squirrelmail	squirrelmail	1.4.6
squirrelmail	squirrelmail	1.4.6_rc1
squirrelmail	squirrelmail	1.4.7
squirrelmail	squirrelmail	1.4.8
squirrelmail	squirrelmail	1.4.9
squirrelmail	squirrelmail	1.4.9a
squirrelmail	squirrelmail	1.4.10
squirrelmail	squirrelmail	1.4.10a
squirrelmail	squirrelmail	1.4.11
squirrelmail	squirrelmail	1.4.12
squirrelmail	squirrelmail	1.4.15
squirrelmail	squirrelmail	1.4.15_rc1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A189210-833E-473D-A4C6-380380C48AC0",
              "versionEndIncluding": "1.4.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2F0267-47D5-436F-B9F6-505CEC582AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "565E131D-56A9-46AB-800D-12B097FE3B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FAB6F43-2DAE-4E02-8F0A-EE4D4FB3E005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86DB6243-3A4A-419E-B6C5-D61F5B0A1E7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2805F37-B8E6-4647-9E90-50763C7E4952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "284E543F-6AC3-45CD-8448-3A1D4D3DD469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C7E957E-81C0-4FA3-9944-5E514874BED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FF0DACB-F875-448B-86DF-D40531A2A762",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*",
              "matchCriteriaId": "651432C3-1EE9-4BBA-A1CF-DCC9F19954D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11C84D0-13B5-4298-B9F3-BF5C6F927793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEE72FA1-E635-436B-A650-A8D4040925B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*",
              "matchCriteriaId": "512F2AB5-EB24-4846-B924-377D040C131A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "25F42A76-BF06-4DA9-8667-0E81D17B5B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02410BAB-C1D7-4883-A27B-C13A72707CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8509AAEE-225C-4907-884D-F9796ACA40F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD41781D-1F7E-43A7-AD59-ADFE1D04D825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78650B7E-9638-46FF-9656-38E8DFE3FA93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "94CBBB8E-E0AB-4F7B-A55E-F7BD5F83EAAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C1E1172-9D9E-439E-BD4B-4EF372344F59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB15C5DD-2D76-47ED-883C-D1901B96F391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3E249ED-76DA-44B3-A3A7-788F4B1A19DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD0A21F-CD80-4B01-B5D3-9B2281E4F143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA516843-2A45-4705-9669-4B719F722192",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DA068C0-8067-4A94-9F74-0D1DACF9A9EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49F37AD5-120E-4FEA-ADA5-F6C3434B9BA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C059835E-8FD9-40DF-BA6F-7E313E49F511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E28A825-56F4-4EC5-9D62-661C0F4B477F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22E1FA6-7C9C-4D01-A645-CF41939C1988",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F886B99-E996-4BF7-9BE3-14A6713A997F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65801122-2E5D-4244-9D37-5483F5C731F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A29559D-0DB8-40C8-A6E6-4F37DDD27571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8F869F3-6D8D-4C95-95F7-5AE42C67362B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B96BB4F-12B0-460A-B5CC-8BA6D69911FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D062B70A-E5FF-403B-8BD1-777D6462B7CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D58980B8-6D4B-4E90-8410-80FDD7CF15C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "796C453E-D59A-4988-BD91-24F31646D8FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9851AD9-5093-4482-A632-487C6D104C9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.9a:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA5BA42-F53A-4E0D-B04C-D70D2291E408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*",
              "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85F80F3-DC0E-4228-9FA3-D870BC2200D2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en SquirrelMail anteriores a la v1.4.17 permitir\u00eda a atacantes remotos inyectar secuencia de c\u00f3digo web o HTML a su elecci\u00f3n a trav\u00e9s de un hiperenlace manipulado en la parte HTML de un mensaje de correo electr\u00f3nico."
    }
  ],
  "id": "CVE-2008-2379",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-05T00:30:00.237",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32143"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33054"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33071"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33937"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security-net.biz/wsw/index.php?p=254\u0026n=190"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3438"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1682"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32603"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.squirrelmail.org/index.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/3332"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47024"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security-net.biz/wsw/index.php?p=254\u0026n=190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.squirrelmail.org/index.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-F3QV-GJQ7-3M4G

Vulnerability from github – Published: 2022-05-01 23:49 – Updated: 2022-05-01 23:49

Details

Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2379"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-12-05T00:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.",
  "id": "GHSA-f3qv-gjq7-3m4g",
  "modified": "2022-05-01T23:49:32Z",
  "published": "2022-05-01T23:49:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2379"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47024"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00223.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32143"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33054"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33071"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33937"
    },
    {
      "type": "WEB",
      "url": "http://security-net.biz/wsw/index.php?p=254\u0026n=190"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3438"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1682"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/32603"
    },
    {
      "type": "WEB",
      "url": "http://www.squirrelmail.org/index.php"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/3332"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-2379 (GCVE-0-2008-2379)

CERTA-2008-AVI-579

Description

Solution

CERTA-2009-AVI-068

Description

Solution

GSD-2008-2379

FKIE_CVE-2008-2379

GHSA-F3QV-GJQ7-3M4G

Tags

Sightings

Nomenclature