cbcvebase.
CVE-2004-0519
published 2004-08-18

CVE-2004-0519: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal…

PriorityP433medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
22.53%
97.4th percentile
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.

Affected

18 ranges
VendorProductVersion rangeFixed in
sgipropack
squirrelmailsquirrelmail
squirrelmailsquirrelmail
squirrelmailsquirrelmail
squirrelmailsquirrelmail
squirrelmailsquirrelmail
squirrelmailsquirrelmail
squirrelmailsquirrelmail
squirrelmailsquirrelmail
squirrelmailsquirrelmail
squirrelmailsquirrelmail
squirrelmailsquirrelmail
squirrelmailsquirrelmail
squirrelmailsquirrelmail
squirrelmailsquirrelmail
squirrelmailsquirrelmail
squirrelmailsquirrelmail
squirrelmailsquirrelmail

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.