CVE-2019-12970

XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*

Information

Published : 2019-07-01 04:15

Updated : 2019-07-30 02:15


NVD link : CVE-2019-12970

Mitre link : CVE-2019-12970


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

squirrelmail

  • squirrelmail