CVE-2002-1341

Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.

Published: Dec 18, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1341
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
squirrelmail / squirrelmail	1.2.7	1.2.7.x
squirrelmail / squirrelmail	1.2.9	1.2.9.x
squirrelmail / squirrelmail	1.2.6	1.2.6.x
squirrelmail / squirrelmail	1.2.10	1.2.10.x
squirrelmail / squirrelmail	1.2.8	1.2.8.x

http://f0kp.iplus.ru/bz/008.txt
http://marc.info/?l=bugtraq&m=103893844126484&w=2
http://marc.info/?l=bugtraq&m=103911130503272&w=2
http://marc.info/?l=bugtraq&m=104004924002662&w=2
http://secunia.com/advisories/8220
http://www.debian.org/security/2002/dsa-220
http://www.redhat.com/support/errata/RHSA-2003-042.html
http://www.securityfocus.com/bid/6302
https://exchange.xforce.ibmcloud.com/vulnerabilities/10754

Vulnerability Database

289,697

CVE-2002-1341