Home > Vulnerability Database > CVE-2006-6142

Mend.io Vulnerability Database

CVE-2006-6142

Date: December 5, 2006

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

Severity Score

5.6

Related Resources (33)

Url: http://docs.info.apple.com/article.html?artnum=306172

Url: http://squirrelmail.org/security/issue/2006-12-02

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-6142

Url: http://securitytracker.com/id?1017327

Url: http://secunia.com/advisories/23811

Url: http://sourceforge.net/project/shownotes.php?release_id=468482

Url: https://access.redhat.com/security/cve/CVE-2006-6142

Url: http://secunia.com/advisories/23195

Url: http://secunia.com/advisories/24284

Url: http://www.novell.com/linux/security/advisories/2007_4_sr.html

Url: http://secunia.com/advisories/24004

Url: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc

Url: http://www.novell.com/linux/security/advisories/2006_29_sr.html

Url: http://fedoranews.org/cms/node/2438

Url: http://www.debian.org/security/2006/dsa-1241

Url: http://fedoranews.org/cms/node/2439

Url: http://www.securityfocus.com/bid/25159

Url: http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Url: http://secunia.com/advisories/23409

Url: http://www.redhat.com/support/errata/RHSA-2007-0022.html

Url: http://www.securityfocus.com/bid/21414

Url: http://www.vupen.com/english/advisories/2007/2732

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/30695

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/30694

Url: http://secunia.com/advisories/23504

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/30693

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988

Url: https://issues.rpath.com/browse/RPL-849

Url: http://www.vupen.com/english/advisories/2006/4828

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:226

Url: http://secunia.com/advisories/23322

Url: http://secunia.com/advisories/26235

Url: https://www.mend.io/vulnerability-database/CVE-2006-6142

Severity Score

5.6

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-6142

Date: December 5, 2006

Severity Score

Related Resources (33)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?