ID CVE-2005-3128
Summary Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag.
References
Vulnerable Configurations
  • cpe:2.3:a:squirrelmail:address_add_plugin:1.9:*:*:*:*:*:*:*
    cpe:2.3:a:squirrelmail:address_add_plugin:1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:squirrelmail:address_add_plugin:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:squirrelmail:address_add_plugin:2.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
apple APPLE-SA-2007-07-31
bid
  • 14973
  • 25159
bugtraq 20050928 SquirrelMail Address Add Plugin XSS
confirm
mandriva MDKSA-2005:178
misc http://moritz-naumann.com/adv/0002/sqmadd/0002.txt
sectrack 1014988
secunia
  • 16987
  • 26235
vupen ADV-2007-2732
xf squirrelmail-add-xss(22453)
Last major update 11-07-2017 - 01:33
Published 04-10-2005 - 22:02
Last modified 11-07-2017 - 01:33
Back to Top