Vulnerability-Lookup

FKIE_CVE-2006-6142

Vulnerability from fkie_nvd - Published: 2006-12-05 11:28 - Updated: 2026-04-23 00:35

Severity

Summary

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

References

	URL	Tags
	cve@mitre.org	ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
	cve@mitre.org	http://docs.info.apple.com/article.html?artnum=306172
	cve@mitre.org	http://fedoranews.org/cms/node/2438
	cve@mitre.org	http://fedoranews.org/cms/node/2439
	cve@mitre.org	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
	cve@mitre.org	http://secunia.com/advisories/23195
	cve@mitre.org	http://secunia.com/advisories/23322
	cve@mitre.org	http://secunia.com/advisories/23409
	cve@mitre.org	http://secunia.com/advisories/23504
	cve@mitre.org	http://secunia.com/advisories/23811
	cve@mitre.org	http://secunia.com/advisories/24004
	cve@mitre.org	http://secunia.com/advisories/24284
	cve@mitre.org	http://secunia.com/advisories/26235
	cve@mitre.org	http://securitytracker.com/id?1017327
	cve@mitre.org	http://sourceforge.net/project/shownotes.php?release_id=468482
	cve@mitre.org	http://squirrelmail.org/security/issue/2006-12-02
	cve@mitre.org	http://www.debian.org/security/2006/dsa-1241
	cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2006:226
	cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_29_sr.html
	cve@mitre.org	http://www.novell.com/linux/security/advisories/2007_4_sr.html
	cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2007-0022.html
	cve@mitre.org	http://www.securityfocus.com/bid/21414
	cve@mitre.org	http://www.securityfocus.com/bid/25159
	cve@mitre.org	http://www.vupen.com/english/advisories/2006/4828
	cve@mitre.org	http://www.vupen.com/english/advisories/2007/2732
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30693
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30694
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30695
	cve@mitre.org	https://issues.rpath.com/browse/RPL-849
	cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988
	af854a3a-2127-422b-91ae-364da2661108	ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
	af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306172
	af854a3a-2127-422b-91ae-364da2661108	http://fedoranews.org/cms/node/2438
	af854a3a-2127-422b-91ae-364da2661108	http://fedoranews.org/cms/node/2439
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23195
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23322
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23409
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23504
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23811
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24004
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24284
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26235
	af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017327
	af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=468482
	af854a3a-2127-422b-91ae-364da2661108	http://squirrelmail.org/security/issue/2006-12-02
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1241
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2006:226
	af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_29_sr.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_4_sr.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-0022.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/21414
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25159
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4828
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2732
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30693
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30694
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30695
	af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-849
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988

Impacted products

Vendor	Product	Version
squirrelmail	squirrelmail	1.4
squirrelmail	squirrelmail	1.4.1
squirrelmail	squirrelmail	1.4.2
squirrelmail	squirrelmail	1.4.3
squirrelmail	squirrelmail	1.4.3_r3
squirrelmail	squirrelmail	1.4.3_rc1
squirrelmail	squirrelmail	1.4.3aa
squirrelmail	squirrelmail	1.4.4
squirrelmail	squirrelmail	1.4.4_rc1
squirrelmail	squirrelmail	1.4.5
squirrelmail	squirrelmail	1.4.6
squirrelmail	squirrelmail	1.4.6_cvs
squirrelmail	squirrelmail	1.4.6_rc1
squirrelmail	squirrelmail	1.4.7
squirrelmail	squirrelmail	1.4_rc1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "026730B8-3919-4100-8607-C640ADBDD662",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AD31177-05BB-4623-AED7-765DB7E44E47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20247A22-9AB9-4BCE-BF28-350B52FBC62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E6734C-EE1C-40B6-9759-15298707A6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6733B8C-5A9E-45CE-8938-F39A69EB0DC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08E51F1-3764-4146-89C1-20B9B8EE1222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3aa:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4AAFE2B-77AB-4AC3-A22C-C3C256E2E45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6591E5-5F36-4663-85A6-9D870FD49FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D062B70A-E5FF-403B-8BD1-777D6462B7CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A884536-4D27-4350-B815-AB4E625879DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_cvs:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD09187-16B2-4A0C-907C-40375E865EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD89F143-EEBF-472D-9653-E7534F5799FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "442BF5C9-DC58-4A94-A634-33D6A4F3C6DD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving \"a shortcoming in the magicHTML filter.\""
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SquirrelMail 1.4.0 hasta 1.4.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el (1) par\u00e1metro mailto en (a) webmail.php, los par\u00e1metros (2) session y (3) delete_draft en (b) compose.php, y (4) vectores no especificados implicando \"a shortcoming in the magicHTML filter.\""
    }
  ],
  "id": "CVE-2006-6142",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-12-05T11:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://fedoranews.org/cms/node/2438"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://fedoranews.org/cms/node/2439"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23195"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23322"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23409"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23504"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23811"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24004"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24284"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017327"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=468482"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://squirrelmail.org/security/issue/2006-12-02"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1241"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/21414"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4828"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-849"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fedoranews.org/cms/node/2438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fedoranews.org/cms/node/2439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23811"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=468482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://squirrelmail.org/security/issue/2006-12-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/21414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
      "lastModified": "2007-03-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2006-6142 (GCVE-0-2006-6142)

Vulnerability from cvelistv5 – Published: 2006-12-05 11:00 – Updated: 2024-08-07 20:19

Summary

Severity

No CVSS data available.

CWE

Assigner

mitre

References

30 references

URL	Tags
http://www.vupen.com/english/advisories/2007/2732	vdb-entryx_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://secunia.com/advisories/23195	third-party-advisoryx_refsource_SECUNIA
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://www.redhat.com/support/errata/RHSA-2007-00…	vendor-advisoryx_refsource_REDHAT
http://fedoranews.org/cms/node/2438	vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/23409	third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/23504	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/24284	third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://secunia.com/advisories/23322	third-party-advisoryx_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.debian.org/security/2006/dsa-1241	vendor-advisoryx_refsource_DEBIAN
http://fedoranews.org/cms/node/2439	vendor-advisoryx_refsource_FEDORA
http://www.securityfocus.com/bid/21414	vdb-entryx_refsource_BID
http://docs.info.apple.com/article.html?artnum=306172	x_refsource_CONFIRM
http://sourceforge.net/project/shownotes.php?rele…	x_refsource_CONFIRM
http://secunia.com/advisories/24004	third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/25159	vdb-entryx_refsource_BID
ftp://patches.sgi.com/support/free/security/advis…	vendor-advisoryx_refsource_SGI
http://squirrelmail.org/security/issue/2006-12-02	x_refsource_CONFIRM
http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
https://issues.rpath.com/browse/RPL-849	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4828	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/23811	third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1017327	vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/26235	third-party-advisoryx_refsource_SECUNIA

Date Public

2006-12-02 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:19:34.493Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2732",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2732"
          },
          {
            "name": "MDKSA-2006:226",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226"
          },
          {
            "name": "23195",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23195"
          },
          {
            "name": "APPLE-SA-2007-07-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
          },
          {
            "name": "RHSA-2007:0022",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html"
          },
          {
            "name": "FEDORA-2007-088",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/cms/node/2438"
          },
          {
            "name": "23409",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23409"
          },
          {
            "name": "oval:org.mitre.oval:def:9988",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988"
          },
          {
            "name": "23504",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23504"
          },
          {
            "name": "24284",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24284"
          },
          {
            "name": "squirrelmail-webmail-compose-xss(30693)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693"
          },
          {
            "name": "squirrelmail-mimeheader-xss(30695)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695"
          },
          {
            "name": "23322",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23322"
          },
          {
            "name": "SUSE-SR:2007:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
          },
          {
            "name": "squirrelmail-magichtml-messages-xss(30694)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694"
          },
          {
            "name": "DSA-1241",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1241"
          },
          {
            "name": "FEDORA-2007-089",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/cms/node/2439"
          },
          {
            "name": "21414",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21414"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=306172"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=468482"
          },
          {
            "name": "24004",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24004"
          },
          {
            "name": "25159",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25159"
          },
          {
            "name": "20070201-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://squirrelmail.org/security/issue/2006-12-02"
          },
          {
            "name": "SUSE-SR:2006:029",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-849"
          },
          {
            "name": "ADV-2006-4828",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4828"
          },
          {
            "name": "23811",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23811"
          },
          {
            "name": "1017327",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017327"
          },
          {
            "name": "26235",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26235"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-12-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving \"a shortcoming in the magicHTML filter.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2732",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2732"
        },
        {
          "name": "MDKSA-2006:226",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226"
        },
        {
          "name": "23195",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23195"
        },
        {
          "name": "APPLE-SA-2007-07-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
        },
        {
          "name": "RHSA-2007:0022",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html"
        },
        {
          "name": "FEDORA-2007-088",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/cms/node/2438"
        },
        {
          "name": "23409",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23409"
        },
        {
          "name": "oval:org.mitre.oval:def:9988",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988"
        },
        {
          "name": "23504",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23504"
        },
        {
          "name": "24284",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24284"
        },
        {
          "name": "squirrelmail-webmail-compose-xss(30693)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693"
        },
        {
          "name": "squirrelmail-mimeheader-xss(30695)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695"
        },
        {
          "name": "23322",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23322"
        },
        {
          "name": "SUSE-SR:2007:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
        },
        {
          "name": "squirrelmail-magichtml-messages-xss(30694)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694"
        },
        {
          "name": "DSA-1241",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1241"
        },
        {
          "name": "FEDORA-2007-089",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/cms/node/2439"
        },
        {
          "name": "21414",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21414"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=306172"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=468482"
        },
        {
          "name": "24004",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24004"
        },
        {
          "name": "25159",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25159"
        },
        {
          "name": "20070201-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://squirrelmail.org/security/issue/2006-12-02"
        },
        {
          "name": "SUSE-SR:2006:029",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-849"
        },
        {
          "name": "ADV-2006-4828",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4828"
        },
        {
          "name": "23811",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23811"
        },
        {
          "name": "1017327",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017327"
        },
        {
          "name": "26235",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26235"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6142",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving \"a shortcoming in the magicHTML filter.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2732",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2732"
            },
            {
              "name": "MDKSA-2006:226",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:226"
            },
            {
              "name": "23195",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23195"
            },
            {
              "name": "APPLE-SA-2007-07-31",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
            },
            {
              "name": "RHSA-2007:0022",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0022.html"
            },
            {
              "name": "FEDORA-2007-088",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/cms/node/2438"
            },
            {
              "name": "23409",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23409"
            },
            {
              "name": "oval:org.mitre.oval:def:9988",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988"
            },
            {
              "name": "23504",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23504"
            },
            {
              "name": "24284",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24284"
            },
            {
              "name": "squirrelmail-webmail-compose-xss(30693)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30693"
            },
            {
              "name": "squirrelmail-mimeheader-xss(30695)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30695"
            },
            {
              "name": "23322",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23322"
            },
            {
              "name": "SUSE-SR:2007:004",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
            },
            {
              "name": "squirrelmail-magichtml-messages-xss(30694)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30694"
            },
            {
              "name": "DSA-1241",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1241"
            },
            {
              "name": "FEDORA-2007-089",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/cms/node/2439"
            },
            {
              "name": "21414",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21414"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306172",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=306172"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=468482",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=468482"
            },
            {
              "name": "24004",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24004"
            },
            {
              "name": "25159",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25159"
            },
            {
              "name": "20070201-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc"
            },
            {
              "name": "http://squirrelmail.org/security/issue/2006-12-02",
              "refsource": "CONFIRM",
              "url": "http://squirrelmail.org/security/issue/2006-12-02"
            },
            {
              "name": "SUSE-SR:2006:029",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_29_sr.html"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-849",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-849"
            },
            {
              "name": "ADV-2006-4828",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4828"
            },
            {
              "name": "23811",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23811"
            },
            {
              "name": "1017327",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017327"
            },
            {
              "name": "26235",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26235"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-6142",
    "datePublished": "2006-12-05T11:00:00.000Z",
    "dateReserved": "2006-11-28T00:00:00.000Z",
    "dateUpdated": "2024-08-07T20:19:34.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2006-6142

CVE-2006-6142 (GCVE-0-2006-6142)

Tags

Sightings

Nomenclature