CVE-2004-0519 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors including the mailbox parameter in compose.php.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 http://marc.info/?l=bugtraq&m=108334862800260 http://rhn.redhat.com/errata/RHSA-2004-240.html http://secunia.com/advisories/11531 http://secunia.com/advisories/11686 http://secunia.com/advisories/11870 http://secunia.com/advisories/12289 http://security.gentoo.org/glsa/glsa-200405-16.xml http://www.debian.org/security/2004/dsa-535 http://www.novell.com/linux/security/advisories/2005_19_sr.html http://www.securityfocus.com/advisories/6827 http://www.securityfocus.com/archive/1/361857 http://www.securityfocus.com/bid/10246 https://bugzilla.fedora.us/show_bug.cgi?id=1733 https://exchange.xforce.ibmcloud.com/vulnerabilities/16025 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1006 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10274