Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0520

6 documents, 6 sources
Severity: 6.8 MEDIUM
EPSS: 14.9% (top 5.45%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Aug 18; Latest update May 3

Description

Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (3 packages)

NVD | squirrelmail/squirrelmail | 17 versions (+16)
NVD | open_webmail/open_webmail | 2.30, 2.31, 2.32 (+2)
NVD | sgi/propack | 3.0

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-5vvf-4w4f-hj33: Cross-site scripting (XSS) vulnerability in mime | 2022-05-03
CVEList | CVE-2004-0520: Cross-site scripting (XSS) vulnerability in mime | 2004-06-03

💥 Exploits & PoCs (1)

Exploit-DB | SquirrelMail 1.x - Email Header HTML Injection | 2004-05-31

📋 Vendor Advisories (1)

Red Hat | security flaw | 2004-05-23

💬 Community (1)

Bugzilla | CVE-2004-0520 security flaw | 2018-08-16