CVE-2006-0195

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/" and "/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.

Published: Feb 24, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-0195
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
squirrelmail / squirrelmail	1.4.2	1.4.2.x
squirrelmail / squirrelmail	1.4.6_rc1	1.4.6_rc1.x
squirrelmail / squirrelmail	1.4.3_r3	1.4.3_r3.x
squirrelmail / squirrelmail	1.4.3_rc1	1.4.3_rc1.x
squirrelmail / squirrelmail	1.4.4_rc1	1.4.4_rc1.x
squirrelmail / squirrelmail	1.4.3	1.4.3.x
squirrelmail / squirrelmail	1.4.1	1.4.1.x
squirrelmail / squirrelmail	1.4	1.4.x
squirrelmail / squirrelmail	1.4.3a	1.4.3a.x
squirrelmail / squirrelmail	1.4_rc1	1.4_rc1.x
squirrelmail / squirrelmail	1.4.4	1.4.4.x
squirrelmail / squirrelmail	1.4.5	1.4.5.x

Vulnerability Database

289,697

CVE-2006-0195