
cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:rc3:*:*:*:*:*:*

part: a version: 1.2.0 update: rc3

Vendor: Squirrelmail (53f64d69-42c3-5c49-8690-e66c5b6ca053)
Product: Squirrelmail (2ace0a45-e551-5a60-86d7-16eaf090c4a3)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:github/realityripple/squirrelmail | purl2cpe | 2026-06-01 10:18:10.987008
pkg:rpm/fedora/squirrelmail | purl2cpe | 2026-06-01 10:18:10.987009
pkg:rpm/opensuse/squirrelmail | purl2cpe | 2026-06-01 10:18:10.987011
pkg:sourceforge/squirrelmail | purl2cpe | 2026-06-01 10:18:10.987012

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2011-2753 vulnerable 2026-06-08 04:58:09.079480 Details available
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.
Published: 2011-07-17T20:00:00.000Z
Updated: 2024-08-06T23:08:24.126Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-2752 vulnerable 2026-06-08 04:58:09.077117 Details available
CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.
Published: 2011-07-17T20:00:00.000Z
Updated: 2024-08-06T23:08:23.802Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-2023 vulnerable 2026-06-08 04:58:03.497562 Details available
Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message.
Published: 2011-07-14T23:00:00.000Z
Updated: 2024-08-06T22:46:00.972Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-4555 vulnerable 2026-06-08 04:56:29.189971 Details available
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page.
Published: 2011-07-14T23:00:00.000Z
Updated: 2024-08-07T03:51:17.937Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-4554 vulnerable 2026-06-08 04:56:29.145008 Details available
functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Published: 2011-07-14T23:00:00.000Z
Updated: 2024-08-07T03:51:17.299Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-2964 vulnerable 2026-06-08 04:51:31.587905 Details available
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.
Published: 2009-08-25T17:00:00.000Z
Updated: 2024-08-07T06:07:37.413Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-1580 vulnerable 2026-06-08 04:51:24.119485 Details available
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.
Published: 2009-05-14T17:00:00.000Z
Updated: 2024-08-07T05:20:34.615Z
Imported from gcve-enriched-dumps CVE data
