CVE-2006-6142

Published: Dec 5, 2006Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

Affected (15)

Products: Squirrelmail: Squirrelmail

Squirrelmail

1 product

Squirrelmail

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Squirrelmail Squirrelmail	Version 1.4.1
Squirrelmail Squirrelmail	Version 1.4.2
Squirrelmail Squirrelmail	Version 1.4.3
Squirrelmail Squirrelmail	Version 1.4.3_r3
Squirrelmail Squirrelmail	Version 1.4.3_rc1
Squirrelmail Squirrelmail	Version 1.4.3aa
Squirrelmail Squirrelmail	Version 1.4.4
Squirrelmail Squirrelmail	Version 1.4.4_rc1
Squirrelmail Squirrelmail	Version 1.4.5
Squirrelmail Squirrelmail	Version 1.4.6
Squirrelmail Squirrelmail	Version 1.4.6_cvs
Squirrelmail Squirrelmail	Version 1.4.6_rc1
Squirrelmail Squirrelmail	Version 1.4.7
Squirrelmail Squirrelmail	Version 1.4
Squirrelmail Squirrelmail	Version 1.4_rc1

References (60)

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc (unsafe URL)

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=306172

Source: cve@mitre.org

http://fedoranews.org/cms/node/2438

Source: cve@mitre.org

http://fedoranews.org/cms/node/2439

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Source: cve@mitre.org

http://secunia.com/advisories/23195

Source: cve@mitre.org

http://secunia.com/advisories/23322

Source: cve@mitre.org

http://secunia.com/advisories/23409

Source: cve@mitre.org

http://secunia.com/advisories/23504

Source: cve@mitre.org

http://secunia.com/advisories/23811

Source: cve@mitre.org

http://secunia.com/advisories/24004

Source: cve@mitre.org

http://secunia.com/advisories/24284

Source: cve@mitre.org

http://secunia.com/advisories/26235

Source: cve@mitre.org

http://securitytracker.com/id?1017327

Source: cve@mitre.org

http://sourceforge.net/project/shownotes.php?release_id=468482

Source: cve@mitre.org

http://squirrelmail.org/security/issue/2006-12-02

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1241

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:226

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2006_29_sr.html

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2007_4_sr.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0022.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/21414

Source: cve@mitre.org

http://www.securityfocus.com/bid/25159

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/4828

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/2732

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/30693

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/30694

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/30695

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-849

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc (unsafe URL)