GCVE - cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:squirrelmail:squirrelmail:0.3:*:*:*:*:*:*:*

part: a version: 0.3 update: *

Vendor	Squirrelmail (`53f64d69-42c3-5c49-8690-e66c5b6ca053`)
Product	Squirrelmail (`2ace0a45-e551-5a60-86d7-16eaf090c4a3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/realityripple/squirrelmail`	purl2cpe	2026-06-01 10:18:10.957404
`pkg:rpm/fedora/squirrelmail`	purl2cpe	2026-06-01 10:18:10.957405
`pkg:rpm/opensuse/squirrelmail`	purl2cpe	2026-06-01 10:18:10.957407
`pkg:sourceforge/squirrelmail`	purl2cpe	2026-06-01 10:18:10.957408

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-2753`	vulnerable	2026-06-08 04:58:09.079056	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555. Published: 2011-07-17T20:00:00.000Z Updated: 2024-08-06T23:08:24.126Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119 https://bugzilla.redhat.com/show_bug.cgi?id=720694 http://rhn.redhat.com/errata/RHSA-2012-0103.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2752`	vulnerable	2026-06-08 04:58:09.076658	Details available CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555. Published: 2011-07-17T20:00:00.000Z Updated: 2024-08-06T23:08:23.802Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 https://exchange.xforce.ibmcloud.com/vulnerabilities/68587 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 http://www.squirrelmail.org/security/issue/2011-07-11 http://rhn.redhat.com/errata/RHSA-2012-0103.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2023`	vulnerable	2026-06-08 04:58:03.480820	Details available Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message. Published: 2011-07-14T23:00:00.000Z Updated: 2024-08-06T22:46:00.972Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 http://support.apple.com/kb/HT5130 http://www.squirrelmail.org/security/issue/2011-07-10 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-4555`	vulnerable	2026-06-08 04:56:29.189528	Details available Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page. Published: 2011-07-14T23:00:00.000Z Updated: 2024-08-07T03:51:17.937Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 http://support.apple.com/kb/HT5130 https://exchange.xforce.ibmcloud.com/vulnerabilities/68510 https://exchange.xforce.ibmcloud.com/vulnerabilities/68511 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-4554`	vulnerable	2026-06-08 04:56:29.128339	Details available functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. Published: 2011-07-14T23:00:00.000Z Updated: 2024-08-07T03:51:17.299Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 https://exchange.xforce.ibmcloud.com/vulnerabilities/68512 http://support.apple.com/kb/HT5130 http://www.squirrelmail.org/security/issue/2011-07-12 https://bugzilla.redhat.com/show_bug.cgi?id=720693	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1581`	vulnerable	2026-06-08 04:51:24.135890	Details available functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message. Published: 2009-05-14T17:00:00.000Z Updated: 2024-08-07T05:20:33.965Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html https://bugzilla.redhat.com/show_bug.cgi?id=500356 http://www.mandriva.com/security/advisories?name=MDVSA-2009:110 http://www.securityfocus.com/bid/34916 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1580`	vulnerable	2026-06-08 04:51:24.110713	Details available Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. Published: 2009-05-14T17:00:00.000Z Updated: 2024-08-07T05:20:34.615Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:110 http://www.securityfocus.com/bid/34916 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog http://www.vupen.com/english/advisories/2010/1481	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1579`	vulnerable	2026-06-08 04:51:24.108647	Details available The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. Published: 2009-05-14T17:00:00.000Z Updated: 2024-08-07T05:20:34.591Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674 https://gna.org/forum/forum.php?forum_id=2146 http://www.mandriva.com/security/advisories?name=MDVSA-2009:110	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1578`	vulnerable	2026-06-08 04:51:24.075500	Details available Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING). Published: 2009-05-14T17:00:00.000Z Updated: 2024-08-07T05:20:34.865Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html https://gna.org/forum/forum.php?forum_id=2146 http://www.mandriva.com/security/advisories?name=MDVSA-2009:110 http://www.securityfocus.com/bid/34916 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-2379`	vulnerable	2026-06-08 04:50:23.746312	Details available Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. Published: 2008-12-05T00:00:00.000Z Updated: 2024-08-07T08:58:02.253Z Open on db.gcve.eu Reference links https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764 http://secunia.com/advisories/33937 http://secunia.com/advisories/33071 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html http://secunia.com/advisories/33054	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.