CVE - CVE-2006-0188

CVE-ID
CVE-2006-0188	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://www.squirrelmail.org/security/issue/2006-02-01 DEBIAN:DSA-988 URL:http://www.debian.org/security/2006/dsa-988 FEDORA:FEDORA-2006-133 URL:http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html GENTOO:GLSA-200603-09 URL:http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml MANDRIVA:MDKSA-2006:049 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:049 REDHAT:RHSA-2006:0283 URL:http://www.redhat.com/support/errata/RHSA-2006-0283.html SGI:20060501-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc SUSE:SUSE-SR:2006:005 URL:http://www.novell.com/linux/security/advisories/2006_05_sr.html BID:16756 URL:http://www.securityfocus.com/bid/16756 OVAL:oval:org.mitre.oval:def:10419 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10419 VUPEN:ADV-2006-0689 URL:http://www.vupen.com/english/advisories/2006/0689 SECTRACK:1015662 URL:http://securitytracker.com/id?1015662 SECUNIA:18985 URL:http://secunia.com/advisories/18985 SECUNIA:19131 URL:http://secunia.com/advisories/19131 SECUNIA:19130 URL:http://secunia.com/advisories/19130 SECUNIA:19176 URL:http://secunia.com/advisories/19176 SECUNIA:19205 URL:http://secunia.com/advisories/19205 SECUNIA:19960 URL:http://secunia.com/advisories/19960 SECUNIA:20210 URL:http://secunia.com/advisories/20210 XF:squirrelmail-webmail-xss(24847) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24847
Assigning CNA
N/A
Date Entry Created
20060112	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060112)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org