GCVE - cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:squirrelmail:squirrelmail:1.4.11:*:*:*:*:*:*:*

part: a version: 1.4.11 update: *

Vendor	Squirrelmail (`53f64d69-42c3-5c49-8690-e66c5b6ca053`)
Product	Squirrelmail (`2ace0a45-e551-5a60-86d7-16eaf090c4a3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/realityripple/squirrelmail`	purl2cpe	2026-06-01 10:18:11.014922
`pkg:rpm/fedora/squirrelmail`	purl2cpe	2026-06-01 10:18:11.014924
`pkg:rpm/opensuse/squirrelmail`	purl2cpe	2026-06-01 10:18:11.014925
`pkg:sourceforge/squirrelmail`	purl2cpe	2026-06-01 10:18:11.014927

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-2753`	vulnerable	2026-06-08 04:58:09.080303	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555. Published: 2011-07-17T20:00:00.000Z Updated: 2024-08-06T23:08:24.126Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119 https://bugzilla.redhat.com/show_bug.cgi?id=720694 http://rhn.redhat.com/errata/RHSA-2012-0103.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2752`	vulnerable	2026-06-08 04:58:09.077994	Details available CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555. Published: 2011-07-17T20:00:00.000Z Updated: 2024-08-06T23:08:23.802Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 https://exchange.xforce.ibmcloud.com/vulnerabilities/68587 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 http://www.squirrelmail.org/security/issue/2011-07-11 http://rhn.redhat.com/errata/RHSA-2012-0103.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2023`	vulnerable	2026-06-08 04:58:03.529563	Details available Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message. Published: 2011-07-14T23:00:00.000Z Updated: 2024-08-06T22:46:00.972Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 http://support.apple.com/kb/HT5130 http://www.squirrelmail.org/security/issue/2011-07-10 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-4555`	vulnerable	2026-06-08 04:56:29.191012	Details available Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page. Published: 2011-07-14T23:00:00.000Z Updated: 2024-08-07T03:51:17.937Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 http://support.apple.com/kb/HT5130 https://exchange.xforce.ibmcloud.com/vulnerabilities/68510 https://exchange.xforce.ibmcloud.com/vulnerabilities/68511 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-4554`	vulnerable	2026-06-08 04:56:29.181399	Details available functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. Published: 2011-07-14T23:00:00.000Z Updated: 2024-08-07T03:51:17.299Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 https://exchange.xforce.ibmcloud.com/vulnerabilities/68512 http://support.apple.com/kb/HT5130 http://www.squirrelmail.org/security/issue/2011-07-12 https://bugzilla.redhat.com/show_bug.cgi?id=720693	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2813`	vulnerable	2026-06-08 04:55:10.837528	Details available functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files. Published: 2010-08-19T17:43:00.000Z Updated: 2024-08-07T02:46:48.556Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html http://support.apple.com/kb/HT5130 https://exchange.xforce.ibmcloud.com/vulnerabilities/61124 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-2964`	vulnerable	2026-06-08 04:51:31.598866	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php. Published: 2009-08-25T17:00:00.000Z Updated: 2024-08-07T06:07:37.413Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html https://gna.org/forum/forum.php?forum_id=2146 http://www.vupen.com/english/advisories/2010/1481 http://download.gna.org/nasmail/nasmail-1.7.zip	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1581`	vulnerable	2026-06-08 04:51:24.136727	Details available functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message. Published: 2009-05-14T17:00:00.000Z Updated: 2024-08-07T05:20:33.965Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html https://bugzilla.redhat.com/show_bug.cgi?id=500356 http://www.mandriva.com/security/advisories?name=MDVSA-2009:110 http://www.securityfocus.com/bid/34916 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1580`	vulnerable	2026-06-08 04:51:24.132676	Details available Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. Published: 2009-05-14T17:00:00.000Z Updated: 2024-08-07T05:20:34.615Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:110 http://www.securityfocus.com/bid/34916 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog http://www.vupen.com/english/advisories/2010/1481	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1579`	vulnerable	2026-06-08 04:51:24.109496	Details available The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. Published: 2009-05-14T17:00:00.000Z Updated: 2024-08-07T05:20:34.591Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10986 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?r1=13674&r2=13673&pathrev=13674 https://gna.org/forum/forum.php?forum_id=2146 http://www.mandriva.com/security/advisories?name=MDVSA-2009:110	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1578`	vulnerable	2026-06-08 04:51:24.104922	Details available Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING). Published: 2009-05-14T17:00:00.000Z Updated: 2024-08-07T05:20:34.865Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html https://gna.org/forum/forum.php?forum_id=2146 http://www.mandriva.com/security/advisories?name=MDVSA-2009:110 http://www.securityfocus.com/bid/34916 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-2379`	vulnerable	2026-06-08 04:50:23.778330	Details available Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. Published: 2008-12-05T00:00:00.000Z Updated: 2024-08-07T08:58:02.253Z Open on db.gcve.eu Reference links https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764 http://secunia.com/advisories/33937 http://secunia.com/advisories/33071 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html http://secunia.com/advisories/33054	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-6348`	vulnerable	2026-06-08 04:50:08.594944	Details available SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code. Published: 2007-12-14T19:00:00.000Z Updated: 2024-08-07T16:02:36.366Z Open on db.gcve.eu Reference links http://marc.info/?l=squirrelmail-devel&m=119765235203392&w=2 http://www.securityfocus.com/archive/1/485037/100/0/threaded http://marc.info/?l=bugtraq&m=119765643909825&w=2 http://secunia.com/advisories/28095 http://www.squirrelmail.org/index.php	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Squirrelmail

PURL mappings

Vulnerability references

Contribute