CVE-2009-1581

Published: May 14, 2009Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.

Affected (60)

Products: Squirrelmail: Squirrelmail

1 product

Configuration A

60 vulnerable

Vulnerable Software	Affected Versions
Squirrelmail Squirrelmail	All versions
Squirrelmail Squirrelmail	Up to 1.4.17
Squirrelmail Squirrelmail	Version 0.1.1
Squirrelmail Squirrelmail	Version 0.1.2
Squirrelmail Squirrelmail	Version 0.1
Squirrelmail Squirrelmail	Version 0.2.1
Squirrelmail Squirrelmail	Version 0.2
Squirrelmail Squirrelmail	Version 0.3.1
Squirrelmail Squirrelmail	Version 0.3
Squirrelmail Squirrelmail	Version 0.3pre1
Squirrelmail Squirrelmail	Version 0.3pre2
Squirrelmail Squirrelmail	Version 0.4
Squirrelmail Squirrelmail	Version 0.4pre1
Squirrelmail Squirrelmail	Version 0.4pre2
Squirrelmail Squirrelmail	Version 0.5
Squirrelmail Squirrelmail	Version 0.5pre1
Squirrelmail Squirrelmail	Version 0.5pre2
Squirrelmail Squirrelmail	Version 1.0.1
Squirrelmail Squirrelmail	Version 1.0.2
Squirrelmail Squirrelmail	Version 1.0.3
Squirrelmail Squirrelmail	Version 1.0.4
Squirrelmail Squirrelmail	Version 1.0.5
Squirrelmail Squirrelmail	Version 1.0.6
Squirrelmail Squirrelmail	Version 1.0
Squirrelmail Squirrelmail	Version 1.0pre1
Squirrelmail Squirrelmail	Version 1.0pre2
Squirrelmail Squirrelmail	Version 1.0pre3
Squirrelmail Squirrelmail	Version 1.1.0
Squirrelmail Squirrelmail	Version 1.1.1
Squirrelmail Squirrelmail	Version 1.1.2
Squirrelmail Squirrelmail	Version 1.1.3
Squirrelmail Squirrelmail	Version 1.2.0
Squirrelmail Squirrelmail	Version 1.2.0_rc3
Squirrelmail Squirrelmail	Version 1.2.10
Squirrelmail Squirrelmail	Version 1.2.11
Squirrelmail Squirrelmail	Version 1.2.1
Squirrelmail Squirrelmail	Version 1.2.2
Squirrelmail Squirrelmail	Version 1.2.3
Squirrelmail Squirrelmail	Version 1.2.4
Squirrelmail Squirrelmail	Version 1.2.5
Squirrelmail Squirrelmail	Version 1.2.6
Squirrelmail Squirrelmail	Version 1.2.7
Squirrelmail Squirrelmail	Version 1.2.8
Squirrelmail Squirrelmail	Version 1.2.9
Squirrelmail Squirrelmail	Version 1.2
Squirrelmail Squirrelmail	Version 1.3.0
Squirrelmail Squirrelmail	Version 1.3.1
Squirrelmail Squirrelmail	Version 1.3.2
Squirrelmail Squirrelmail	Version 1.4.0
Squirrelmail Squirrelmail	Version 1.4.0_rc1
Squirrelmail Squirrelmail	Version 1.4.0_rc2a
Squirrelmail Squirrelmail	Version 1.4.10
Squirrelmail Squirrelmail	Version 1.4.10a
Squirrelmail Squirrelmail	Version 1.4.11
Squirrelmail Squirrelmail	Version 1.4.12
Squirrelmail Squirrelmail	Version 1.4.15
Squirrelmail Squirrelmail	Version 1.4.15_rc1
Squirrelmail Squirrelmail	Version 1.4.16
Squirrelmail Squirrelmail	Version 1.4.1
Squirrelmail Squirrelmail	Version 1.4

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (46)

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

Source: cve@mitre.org

http://secunia.com/advisories/35052

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/35073

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/35140

Source: cve@mitre.org

http://secunia.com/advisories/35259

Source: cve@mitre.org

http://secunia.com/advisories/40220

Source: cve@mitre.org

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog

Source: cve@mitre.org

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667

Source: cve@mitre.org

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667

Source: cve@mitre.org

http://support.apple.com/kb/HT4188

Source: cve@mitre.org

http://www.debian.org/security/2009/dsa-1802

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2009:110

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2009-1066.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/34916

Source: cve@mitre.org

http://www.squirrelmail.org/security/issue/2009-05-12

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/1296

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2010/1481

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=500356

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/50463

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35052

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/35073

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/35140

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35259

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/40220

Source: af854a3a-2127-422b-91ae-364da2661108

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog

Source: af854a3a-2127-422b-91ae-364da2661108

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667

Source: af854a3a-2127-422b-91ae-364da2661108

http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4188

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1802

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:110

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2009-1066.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/34916

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.squirrelmail.org/security/issue/2009-05-12

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/1296

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2010/1481

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=500356

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/50463

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.