Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

SquirrelMail From Email header HTML injection vulnerability

Information

Severity

Severity

Medium

Family

Family

Web application abuses

CVSSv2 Base

CVSSv2 Base

6.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

18 years ago

Modified

Modified

5 years ago

Summary

The target is running at least one instance of SquirrelMail whose version number is between 1.2.0 and 1.2.10 inclusive.

Insight

Insight

Such versions do not properly sanitize From headers, leaving users vulnerable to XSS attacks. Further, since SquirrelMail displays From headers when listing a folder, attacks does not require a user to actually open a message, only view the folder listing. For example, a remote attacker could effectively launch a DoS against a user by sending a message with a From header such as: From:<!--<>(-->John Doe<script>document.cookie='PHPSESSID=xxx<semicolon> path=/'<semicolon></script><> which rewrites the session ID cookie and effectively logs the user out.

Solution

Solution

Upgrade to SquirrelMail 1.2.11 or later or wrap the call to sqimap_find_displayable_name in printMessageInfo in functions/mailbox_display.php with a call to htmlentities.

Common Vulnerabilities and Exposures (CVE)