Detections
Analytics
SquirrelMail < 1.2.11 Multiple Script XSS
medium Nessus Plugin ID 14217
Language:
Synopsis
The remote host has an application that is affected by multiple cross-site scripting vulnerabilities.Description
The target is running at least one instance of SquirrelMail whose version number is between 1.2.0 and 1.2.10 inclusive. Such versions do not properly sanitize From headers, leaving users vulnerable to XSS attacks. Further, since SquirrelMail displays From headers when listing a folder, attacks does not require a user to actually open a message, only view the folder listing.For example, a remote attacker could effectively launch a DoS against a user by sending a message with a From header such as :
From:<!--<>(-->John Doe<script>document.cookie='PHPSESSID=xxx; path=/';</script><>
which rewrites the session ID cookie and effectively logs the user out.
***** Nessus has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of Squirrelmail
***** installed there.
Solution
Upgrade to SquirrelMail 1.2.11 or later or wrap the call to sqimap_find_displayable_name in printMessageInfo in functions/mailbox_display.php with a call to htmlentities.Plugin Details
Severity: Medium
ID: 14217
File Name: squirrelmail_html_injection_vuln.nasl
Version: 1.28
Type: remote
Family: CGI abuses : XSS
Published: 8/6/2004
Updated: 6/4/2024
Configuration: Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: Medium
Score: 5.5
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/a:squirrelmail:squirrelmail
Required KB Items: www/squirrelmail
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Vulnerability Publication Date: 5/29/2004
Reference Information
CVE: CVE-2004-0639
BID: 10450