Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:squirrelmail:squirrelmail:1.4.15:rc1:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-3663 |
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. Published: September 24, 2008; 10:56:52 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-3174 |
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. Published: June 22, 2006; 8:02:00 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |