CVE-2004-0520
Published 2004-08-18
Priority P426 · medium · 6.8 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 7.13% (93.5th percentile)
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open_webmail | open_webmail | — | — |
| open_webmail | open_webmail | — | — |
| open_webmail | open_webmail | — | — |
| sgi | propack | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
| squirrelmail | squirrelmail | — | — |
CVSS provenance
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat · 6.8 · MEDIUM
GHSA
GHSA-5vvf-4w4f-hj33: Cross-site scripting (XSS) vulnerability in mime
ghsa_unreviewed·2022-05-03
CVE-2004-0520 [MEDIUM] GHSA-5vvf-4w4f-hj33: Cross-site scripting (XSS) vulnerability in mime
Red Hat
security flaw
vendor_redhat·2004-05-23·CVSS 6.8
No detection rules found.
References
ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
http://marc.info/?l=bugtraq&m=108611554415078&w=2
http://marc.info/?l=squirrelmail-cvs&m=108532891231712
http://rhn.redhat.com/errata/RHSA-2004-240.html
http://secunia.com/advisories/11870
http://secunia.com/advisories/12289
http://www.debian.org/security/2004/dsa-535
http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
http://www.securityfocus.com/advisories/6827
http://www.securityfocus.com/bid/10439
https://bugzilla.fedora.us/show_bug.cgi?id=1733
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766