Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SquirrelMail HTML附件可插入脚本漏洞
Vulnerability Description
SquirrelMail是一套跨平台的使用PHP4开发Webmail邮件系统。 SquirrelMail对HTML文件附件的数据缺少充分正确的检查,可导致攻击者进行跨站脚本执行攻击。 攻击者可以在SquirrelMail的HTML文件附件输入包含恶意脚本代码,由于SquirrelMail在HTML文件中的内容没有对脚本代码标记进行过滤,用户查看包含恶意代码的HTML邮件时,可导致代码在浏览用户浏览器上执行,使用户基于Cookie认证的敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A