fkie_cve-2009-1581
Vulnerability from fkie_nvd
Published
2009-05-14 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.
References
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
cve@mitre.orghttp://secunia.com/advisories/35052Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/35073Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/35140
cve@mitre.orghttp://secunia.com/advisories/35259
cve@mitre.orghttp://secunia.com/advisories/40220
cve@mitre.orghttp://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog
cve@mitre.orghttp://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667
cve@mitre.orghttp://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667
cve@mitre.orghttp://support.apple.com/kb/HT4188
cve@mitre.orghttp://www.debian.org/security/2009/dsa-1802
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2009:110
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2009-1066.html
cve@mitre.orghttp://www.securityfocus.com/bid/34916
cve@mitre.orghttp://www.squirrelmail.org/security/issue/2009-05-12
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/1296Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1481
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=500356Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/50463
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35052Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35073Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35140
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35259
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40220
af854a3a-2127-422b-91ae-364da2661108http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog
af854a3a-2127-422b-91ae-364da2661108http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667
af854a3a-2127-422b-91ae-364da2661108http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4188
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1802
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:110
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2009-1066.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34916
af854a3a-2127-422b-91ae-364da2661108http://www.squirrelmail.org/security/issue/2009-05-12
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1296Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1481
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=500356Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/50463
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html
Impacted products
Vendor Product Version
squirrelmail squirrelmail *
squirrelmail squirrelmail *
squirrelmail squirrelmail 0.1
squirrelmail squirrelmail 0.1.1
squirrelmail squirrelmail 0.1.2
squirrelmail squirrelmail 0.2
squirrelmail squirrelmail 0.2.1
squirrelmail squirrelmail 0.3
squirrelmail squirrelmail 0.3.1
squirrelmail squirrelmail 0.3pre1
squirrelmail squirrelmail 0.3pre2
squirrelmail squirrelmail 0.4
squirrelmail squirrelmail 0.4pre1
squirrelmail squirrelmail 0.4pre2
squirrelmail squirrelmail 0.5
squirrelmail squirrelmail 0.5pre1
squirrelmail squirrelmail 0.5pre2
squirrelmail squirrelmail 1.0
squirrelmail squirrelmail 1.0.1
squirrelmail squirrelmail 1.0.2
squirrelmail squirrelmail 1.0.3
squirrelmail squirrelmail 1.0.4
squirrelmail squirrelmail 1.0.5
squirrelmail squirrelmail 1.0.6
squirrelmail squirrelmail 1.0pre1
squirrelmail squirrelmail 1.0pre2
squirrelmail squirrelmail 1.0pre3
squirrelmail squirrelmail 1.1.0
squirrelmail squirrelmail 1.1.1
squirrelmail squirrelmail 1.1.2
squirrelmail squirrelmail 1.1.3
squirrelmail squirrelmail 1.2
squirrelmail squirrelmail 1.2.0
squirrelmail squirrelmail 1.2.0_rc3
squirrelmail squirrelmail 1.2.1
squirrelmail squirrelmail 1.2.2
squirrelmail squirrelmail 1.2.3
squirrelmail squirrelmail 1.2.4
squirrelmail squirrelmail 1.2.5
squirrelmail squirrelmail 1.2.6
squirrelmail squirrelmail 1.2.7
squirrelmail squirrelmail 1.2.8
squirrelmail squirrelmail 1.2.9
squirrelmail squirrelmail 1.2.10
squirrelmail squirrelmail 1.2.11
squirrelmail squirrelmail 1.3.0
squirrelmail squirrelmail 1.3.1
squirrelmail squirrelmail 1.3.2
squirrelmail squirrelmail 1.4
squirrelmail squirrelmail 1.4.0
squirrelmail squirrelmail 1.4.0_rc1
squirrelmail squirrelmail 1.4.0_rc2a
squirrelmail squirrelmail 1.4.1
squirrelmail squirrelmail 1.4.10
squirrelmail squirrelmail 1.4.10a
squirrelmail squirrelmail 1.4.11
squirrelmail squirrelmail 1.4.12
squirrelmail squirrelmail 1.4.15
squirrelmail squirrelmail 1.4.15_rc1
squirrelmail squirrelmail 1.4.16



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2FF0DF6-AEEC-4099-B1C4-19EDC1FDD564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23AEC37-88CE-488D-B9D2-2B0322D0FC8A",
              "versionEndIncluding": "1.4.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2F0267-47D5-436F-B9F6-505CEC582AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "565E131D-56A9-46AB-800D-12B097FE3B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FAB6F43-2DAE-4E02-8F0A-EE4D4FB3E005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86DB6243-3A4A-419E-B6C5-D61F5B0A1E7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2805F37-B8E6-4647-9E90-50763C7E4952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "284E543F-6AC3-45CD-8448-3A1D4D3DD469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C7E957E-81C0-4FA3-9944-5E514874BED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FF0DACB-F875-448B-86DF-D40531A2A762",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.3pre2:*:*:*:*:*:*:*",
              "matchCriteriaId": "651432C3-1EE9-4BBA-A1CF-DCC9F19954D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11C84D0-13B5-4298-B9F3-BF5C6F927793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEE72FA1-E635-436B-A650-A8D4040925B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.4pre2:*:*:*:*:*:*:*",
              "matchCriteriaId": "512F2AB5-EB24-4846-B924-377D040C131A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "25F42A76-BF06-4DA9-8667-0E81D17B5B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02410BAB-C1D7-4883-A27B-C13A72707CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:0.5pre2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8509AAEE-225C-4907-884D-F9796ACA40F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD41781D-1F7E-43A7-AD59-ADFE1D04D825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78650B7E-9638-46FF-9656-38E8DFE3FA93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "94CBBB8E-E0AB-4F7B-A55E-F7BD5F83EAAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C1E1172-9D9E-439E-BD4B-4EF372344F59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "67E9817E-FF56-4FD0-B6C7-F4EEB25AD0CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBF40C5-6272-427C-97A1-3CE3B1D47B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB15C5DD-2D76-47ED-883C-D1901B96F391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3E249ED-76DA-44B3-A3A7-788F4B1A19DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD0A21F-CD80-4B01-B5D3-9B2281E4F143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.0pre3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA516843-2A45-4705-9669-4B719F722192",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DA068C0-8067-4A94-9F74-0D1DACF9A9EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49F37AD5-120E-4FEA-ADA5-F6C3434B9BA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C059835E-8FD9-40DF-BA6F-7E313E49F511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E28A825-56F4-4EC5-9D62-661C0F4B477F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "545CD944-7C64-49E3-A32E-3388B5F3ECF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A55A98B3-34ED-4A90-BB78-50CB56B1B51F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.0_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22E1FA6-7C9C-4D01-A645-CF41939C1988",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5143ED-D4C5-4830-9C96-0B54D03679CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B765AEC-09E9-456C-8B57-09927E55D119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AAFC3B0-DCE3-4190-B279-E095C666FA34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9291A565-0BD6-4B5E-B45F-9DE65AB8159D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F53A84-FC66-4963-A728-7285F63D4761",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F11950-A2E4-4F57-BF87-57788B841A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F886B99-E996-4BF7-9BE3-14A6713A997F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65801122-2E5D-4244-9D37-5483F5C731F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A29559D-0DB8-40C8-A6E6-4F37DDD27571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C179A3C-8C8C-429B-BACA-8ADAE4170465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8F869F3-6D8D-4C95-95F7-5AE42C67362B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0_rc2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B96BB4F-12B0-460A-B5CC-8BA6D69911FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "18AF3BC6-E33B-44BD-A2F6-A7F5244AA4FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.10a:*:*:*:*:*:*:*",
              "matchCriteriaId": "77776503-3258-400D-8404-233EAFA940AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "682BC5E2-F2C5-4B6F-8EF0-E05152BB9B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABC24558-B7C1-4DE7-BC24-AF092DF0DE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "0986D113-C9F9-4645-8968-D165EC6B917D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.15_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85F80F3-DC0E-4228-9FA3-D870BC2200D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8608AE1-7930-47CF-B2E8-9E86E2FB5A20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "functions/mime.php in SquirrelMail before 1.4.18 does not protect the application\u0027s content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message."
    },
    {
      "lang": "es",
      "value": "functions/mime.php en SquirrelMail versiones anteriores a v1.4.18 no protege el contenido de la aplicaci\u00f3n de Cascading Style Sheets (CSS) posicionado en mensajes de correo HTML, lo cual permite a atacantes remotos falsear la interfaz de usuario, y conducir ataques de secuencias de comandos en sitios cruzados (XSS) y phishing, a trav\u00e9s de mensajes manipulados."
    }
  ],
  "id": "CVE-2009-1581",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-05-14T17:30:00.733",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35052"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35073"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35140"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35259"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/40220"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667\u0026r2=13666\u0026pathrev=13667"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13667"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT4188"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1802"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34916"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.squirrelmail.org/security/issue/2009-05-12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1296"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/1481"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500356"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50463"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/40220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667\u0026r2=13666\u0026pathrev=13667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev\u0026revision=13667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.squirrelmail.org/security/issue/2009-05-12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…