The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.
References
Configurations
History
No history.
Information
Published : 2018-08-05 18:29
Updated : 2024-11-21 03:50
NVD link : CVE-2018-14951
Mitre link : CVE-2018-14951
CVE.ORG link : CVE-2018-14951
JSON object : View
Products Affected
squirrelmail
- squirrelmail
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')