Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0519

7 documents, 7 sources
Severity: 6.8 MEDIUM
EPSS: 0.2% (top 59.29%)
CISA KEV: Not in KEV
Exploit: PoC available (Public exploit / PoC exists)
Timeline: Published Aug 18; Latest update May 3

Description

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

NVD: squirrelmail/squirrelmail, 17 versions (+16)
NVD: sgi/propack 3.0

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-w2mg-247r-4xfc: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1 (2022-05-03)
CVEList: CVE-2004-0519: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1 (2004-06-03)

💥 Exploits & PoCs (2)

Exploit-DB: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting (2004-04-30)
Nuclei: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting

📋 Vendor Advisories (1)

Red Hat: security flaw (2004-04-29)

💬 Community (1)

Bugzilla: CVE-2004-0519 security flaw (2018-08-16)
CVE-2004-0519 (MEDIUM CVSS 6.8) | Multiple cross-site scripting (XSS) | cvebase.io