Vulnerability Details

ID: CVE-2002-2086

Last Modified: July 11, 2017

Open in new window

Description

Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag.

CVSS V2

Access Vector: Network

Access Complexity: Medium

Authentication: None

Confidentiality Impact: None

Integrity Impact: Partial

Availability Impact: None

Base Score: 4.3

Exploitability Score: 8.6

Impact Score: 2.9

CVSS V2: AV:N/AC:M/Au:N/C:N/I:P/A:N

Specialize CVSS-Score

CWE-ID

NVD-CWE-Other

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:::::::* Part: a Product: squirrelmail Vendor: squirrelmail Version: 1.2.0	Alle Schwachstellen für squirrelmail
	cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:::::::* Part: a Product: squirrelmail Vendor: squirrelmail Version: 1.2.2	Alle Schwachstellen für squirrelmail
	cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:::::::* Part: a Product: squirrelmail Vendor: squirrelmail Version: 1.2.1	Alle Schwachstellen für squirrelmail
	cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:::::::* Part: a Product: squirrelmail Vendor: squirrelmail Version: 1.2.4	Alle Schwachstellen für squirrelmail
	cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:::::::* Part: a Product: squirrelmail Vendor: squirrelmail Version: 1.2.3	Alle Schwachstellen für squirrelmail
	cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:::::::* Part: a Product: squirrelmail Vendor: squirrelmail Version: 1.2.5	Alle Schwachstellen für squirrelmail

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>