CVE-2002-1131

Published: Oct 4, 2002Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.

Affected (1)

Products: Squirrelmail: Squirrelmail

Squirrelmail

1 product

Squirrelmail

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Squirrelmail Squirrelmail	Up to 1.2.7

References (12)

http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html

Source: cve@mitre.org

ExploitVendor Advisory

http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774

Source: cve@mitre.org

http://www.debian.org/security/2002/dsa-191

Source: cve@mitre.org

http://www.iss.net/security_center/static/10145.php

Source: cve@mitre.org

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2002-204.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/5763

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html