GCVE - cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*

part: a version: 1.4.7 update: *

Vendor	Squirrelmail (`53f64d69-42c3-5c49-8690-e66c5b6ca053`)
Product	Squirrelmail (`2ace0a45-e551-5a60-86d7-16eaf090c4a3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/realityripple/squirrelmail`	purl2cpe	2026-06-01 10:18:11.053797
`pkg:rpm/fedora/squirrelmail`	purl2cpe	2026-06-01 10:18:11.053798
`pkg:rpm/opensuse/squirrelmail`	purl2cpe	2026-06-01 10:18:11.053800
`pkg:sourceforge/squirrelmail`	purl2cpe	2026-06-01 10:18:11.053801

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-2753`	vulnerable	2026-06-08 04:58:09.080187	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555. Published: 2011-07-17T20:00:00.000Z Updated: 2024-08-06T23:08:24.126Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119 https://bugzilla.redhat.com/show_bug.cgi?id=720694 http://rhn.redhat.com/errata/RHSA-2012-0103.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2752`	vulnerable	2026-06-08 04:58:09.077818	Details available CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555. Published: 2011-07-17T20:00:00.000Z Updated: 2024-08-06T23:08:23.802Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 https://exchange.xforce.ibmcloud.com/vulnerabilities/68587 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 http://www.squirrelmail.org/security/issue/2011-07-11 http://rhn.redhat.com/errata/RHSA-2012-0103.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2023`	vulnerable	2026-06-08 04:58:03.524484	Details available Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message. Published: 2011-07-14T23:00:00.000Z Updated: 2024-08-06T22:46:00.972Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 http://support.apple.com/kb/HT5130 http://www.squirrelmail.org/security/issue/2011-07-10 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-4555`	vulnerable	2026-06-08 04:56:29.190891	Details available Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page. Published: 2011-07-14T23:00:00.000Z Updated: 2024-08-07T03:51:17.937Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 http://support.apple.com/kb/HT5130 https://exchange.xforce.ibmcloud.com/vulnerabilities/68510 https://exchange.xforce.ibmcloud.com/vulnerabilities/68511 http://www.mandriva.com/security/advisories?name=MDVSA-2011:123	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-4554`	vulnerable	2026-06-08 04:56:29.177465	Details available functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. Published: 2011-07-14T23:00:00.000Z Updated: 2024-08-07T03:51:17.299Z Open on db.gcve.eu Reference links http://www.debian.org/security/2011/dsa-2291 https://exchange.xforce.ibmcloud.com/vulnerabilities/68512 http://support.apple.com/kb/HT5130 http://www.squirrelmail.org/security/issue/2011-07-12 https://bugzilla.redhat.com/show_bug.cgi?id=720693	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2813`	vulnerable	2026-06-08 04:55:10.833166	Details available functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files. Published: 2010-08-19T17:43:00.000Z Updated: 2024-08-07T02:46:48.556Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html http://support.apple.com/kb/HT5130 https://exchange.xforce.ibmcloud.com/vulnerabilities/61124 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-2964`	vulnerable	2026-06-08 04:51:31.597962	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php. Published: 2009-08-25T17:00:00.000Z Updated: 2024-08-07T06:07:37.413Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html https://gna.org/forum/forum.php?forum_id=2146 http://www.vupen.com/english/advisories/2010/1481 http://download.gna.org/nasmail/nasmail-1.7.zip	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1580`	vulnerable	2026-06-08 04:51:24.131010	Details available Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. Published: 2009-05-14T17:00:00.000Z Updated: 2024-08-07T05:20:34.615Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:110 http://www.securityfocus.com/bid/34916 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog http://www.vupen.com/english/advisories/2010/1481	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-2379`	vulnerable	2026-06-08 04:50:23.775254	Details available Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. Published: 2008-12-05T00:00:00.000Z Updated: 2024-08-07T08:58:02.253Z Open on db.gcve.eu Reference links https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764 http://secunia.com/advisories/33937 http://secunia.com/advisories/33071 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html http://secunia.com/advisories/33054	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-2589`	vulnerable	2026-06-08 04:49:45.523990	Details available Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. Published: 2007-05-11T03:55:00.000Z Updated: 2024-08-07T13:42:33.564Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2007/2732 http://secunia.com/advisories/25200 http://www.vupen.com/english/advisories/2007/1748 http://secunia.com/advisories/25320 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-1262`	vulnerable	2026-06-08 04:49:41.899349	Details available Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. Published: 2007-05-11T03:55:00.000Z Updated: 2024-08-07T12:50:35.193Z Open on db.gcve.eu Reference links http://www.debian.org/security/2007/dsa-1290 http://www.vupen.com/english/advisories/2007/2732 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11712 http://secunia.com/advisories/25200 http://www.vupen.com/english/advisories/2007/1748	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-6142`	vulnerable	2026-06-08 04:49:22.170460	Details available Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter." Published: 2006-12-05T11:00:00.000Z Updated: 2024-08-07T20:19:34.493Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2007/2732 http://www.mandriva.com/security/advisories?name=MDKSA-2006:226 http://secunia.com/advisories/23195 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://www.redhat.com/support/errata/RHSA-2007-0022.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-4019`	vulnerable	2026-06-08 04:49:10.725301	Details available Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. Published: 2006-08-11T21:00:00.000Z Updated: 2024-08-07T18:57:43.887Z Open on db.gcve.eu Reference links http://secunia.com/advisories/21586 https://issues.rpath.com/browse/RPL-577 http://www.vupen.com/english/advisories/2007/2732 http://www.debian.org/security/2006/dsa-1154 http://secunia.com/advisories/21354	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.