Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
SquirrelMail From Email header HTML injection vulnerability
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The target is running at least one instance of SquirrelMail whose version number is between 1.2.0 and 1.2.10 inclusive.
Insight
Insight
Such versions do not properly sanitize From headers, leaving users vulnerable to XSS attacks. Further, since SquirrelMail displays From headers when listing a folder, attacks does not require a user to actually open a message, only view the folder listing. For example, a remote attacker could effectively launch a DoS against a user by sending a message with a From header such as: From:<!--<>(-->John Doe<script>document.cookie='PHPSESSID=xxx<semicolon> path=/'<semicolon></script><> which rewrites the session ID cookie and effectively logs the user out.
Solution
Solution
Upgrade to SquirrelMail 1.2.11 or later or wrap the call to sqimap_find_displayable_name in printMessageInfo in functions/mailbox_display.php with a call to htmlentities.