CVE-2004-0520

Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.

Published: Aug 18, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0520
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
squirrelmail / squirrelmail	1.4.2	1.4.2.x
squirrelmail / squirrelmail	1.2.7	1.2.7.x
squirrelmail / squirrelmail	1.2.0	1.2.0.x
sgi / propack	3.0	3.0.x
squirrelmail / squirrelmail	1.2.9	1.2.9.x
squirrelmail / squirrelmail	1.4.3_rc1	1.4.3_rc1.x
squirrelmail / squirrelmail	1.2.2	1.2.2.x
open_webmail / open_webmail	2.30	2.30.x
squirrelmail / squirrelmail	1.2.1	1.2.1.x
squirrelmail / squirrelmail	1.4.1	1.4.1.x
squirrelmail / squirrelmail	1.4	1.4.x
squirrelmail / squirrelmail	1.2.4	1.2.4.x
squirrelmail / squirrelmail	1.2.3	1.2.3.x
open_webmail / open_webmail	2.31	2.31.x
squirrelmail / squirrelmail	1.2.6	1.2.6.x
squirrelmail / squirrelmail	1.2.10	1.2.10.x
squirrelmail / squirrelmail	1.2.5	1.2.5.x
open_webmail / open_webmail	2.32	2.32.x
squirrelmail / squirrelmail	1.2.8	1.2.8.x
squirrelmail / squirrelmail	1.2.11	1.2.11.x
squirrelmail / squirrelmail	1.5_dev	1.5_dev.x

Vulnerability Database

289,599

CVE-2004-0520