CVE-2002-1131
published 2002-10-04


Priority: P2 / 65 / high
CVSS 2.0: 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P
ITW exploit: VulnCheck KEV (exploited in the wild)
EPSS: 25.75% (97.7th percentile)
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.

Affected

1 range
Vendor          Product         Version range   Fixed in
squirrelmail    squirrelmail    <= 1.2.7

Detection & IOCs (extracted from sources)

url: /src/addressbook.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
url: /src/options.php?optpage=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
url: /src/search.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&what=x&where=BODY&submit=Search
url: /src/search.php?mailbox=INBOX&what=x&where=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&submit=Search
url: /src/help.php?chapter=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
path: /src/addressbook.php
path: /src/options.php
path: /src/help.php
version: SquirrelMail 1.2.7
  • Detect XSS probe in HTTP response body: look for the reflected 'alert(document.domain)' string in the HTML response body alongside HTTP 200 and content-type text/html from SquirrelMail paths.
  • Shodan/FOFA fingerprinting: identify exposed SquirrelMail instances via HTTP title 'squirrelmail' as a pre-exploitation reconnaissance indicator.
  • The vulnerability affects SquirrelMail 1.2.7 and earlier; the Nuclei template uses a wildcard CPE match, so version confirmation is needed before treating a detection as a true positive.
  • The Nuclei template uses 'stop-at-first-match: true', meaning only the first vulnerable endpoint will be confirmed per scan run; all five paths should be tested independently for full coverage.
  • Maximum request count for the detection template is 5 (one per vulnerable path); scanners should account for this when rate-limiting or batching requests.

CVSS provenance

nvd: v2.0, 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck: 7.5 HIGH
vendor_redhat: 7.5 HIGH