CVE-2006-0188

webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.

Published: Feb 24, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-0188
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
squirrelmail / squirrelmail	1.4.2	1.4.2.x
squirrelmail / squirrelmail	1.4.6_rc1	1.4.6_rc1.x
squirrelmail / squirrelmail	1.4.3_r3	1.4.3_r3.x
squirrelmail / squirrelmail	1.4.3_rc1	1.4.3_rc1.x
squirrelmail / squirrelmail	1.4.4_rc1	1.4.4_rc1.x
squirrelmail / squirrelmail	1.4.3	1.4.3.x
squirrelmail / squirrelmail	1.4.1	1.4.1.x
squirrelmail / squirrelmail	1.4	1.4.x
squirrelmail / squirrelmail	1.4.3a	1.4.3a.x
squirrelmail / squirrelmail	1.4_rc1	1.4_rc1.x
squirrelmail / squirrelmail	1.4.4	1.4.4.x
squirrelmail / squirrelmail	1.4.5	1.4.5.x

Vulnerability Database

289,697

CVE-2006-0188