CVE-2002-1341 - Vulnerability Details - OpenCVE

Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Linux
Squirrelmail	Squirrelmail

Configuration 1 [-]

OR	cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:::::::*
	cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:::::::*

Package	CPE	Advisory	Released Date
Red Hat Linux 8.0
	cpe:/o:redhat:linux:8.0	RHSA-2003:042	2003-03-05T00:00:00Z

References

Link	Providers
http://f0kp.iplus.ru/bz/008.txt
http://marc.info/?l=bugtraq&m=103893844126484&w=2
http://marc.info/?l=bugtraq&m=103911130503272&w=2
http://marc.info/?l=bugtraq&m=104004924002662&w=2
http://secunia.com/advisories/8220
http://www.debian.org/security/2002/dsa-220
http://www.redhat.com/support/errata/RHSA-2003-042.html
http://www.securityfocus.com/bid/6302
https://exchange.xforce.ibmcloud.com/vulnerabilities/10754
https://nvd.nist.gov/vuln/detail/CVE-2002-1341
https://www.cve.org/CVERecord?id=CVE-2002-1341

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-12-11T05:00:00

Updated: 2024-08-08T03:19:28.649Z

Reserved: 2002-12-05T00:00:00

Link: CVE-2002-1341

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2002-12-18T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2002-1341

Redhat

Severity :

Publid Date: 2002-12-03T00:00:00Z

Links: CVE-2002-1341 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-12-03T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20021215 GLSA: squirrelmail", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=104004924002662&w=2"}, {"name": "squirrelmail-readbody-xss(10754)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10754"}, {"name": "6302", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/6302"}, {"name": "20021203 SquirrelMail v1.2.9 XSS bugs", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=103893844126484&w=2"}, {"name": "20021203 Re: SquirrelMail v1.2.9 XSS bugs", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=103911130503272&w=2"}, {"name": "DSA-220", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2002/dsa-220"}, {"name": "8220", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/8220"}, {"tags": ["x_refsource_MISC"], "url": "http://f0kp.iplus.ru/bz/008.txt"}, {"name": "RHSA-2003:042", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-042.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1341", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20021215 GLSA: squirrelmail", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=104004924002662&w=2"}, {"name": "squirrelmail-readbody-xss(10754)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10754"}, {"name": "6302", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6302"}, {"name": "20021203 SquirrelMail v1.2.9 XSS bugs", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=103893844126484&w=2"}, {"name": "20021203 Re: SquirrelMail v1.2.9 XSS bugs", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=103911130503272&w=2"}, {"name": "DSA-220", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-220"}, {"name": "8220", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/8220"}, {"name": "http://f0kp.iplus.ru/bz/008.txt", "refsource": "MISC", "url": "http://f0kp.iplus.ru/bz/008.txt"}, {"name": "RHSA-2003:042", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-042.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T03:19:28.649Z"}, "title": "CVE Program Container", "references": [{"name": "20021215 GLSA: squirrelmail", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=104004924002662&w=2"}, {"name": "squirrelmail-readbody-xss(10754)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10754"}, {"name": "6302", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/6302"}, {"name": "20021203 SquirrelMail v1.2.9 XSS bugs", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=103893844126484&w=2"}, {"name": "20021203 Re: SquirrelMail v1.2.9 XSS bugs", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=103911130503272&w=2"}, {"name": "DSA-220", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2002/dsa-220"}, {"name": "8220", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/8220"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://f0kp.iplus.ru/bz/008.txt"}, {"name": "RHSA-2003:042", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2003-042.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1341", "datePublished": "2002-12-11T05:00:00", "dateReserved": "2002-12-05T00:00:00", "dateUpdated": "2024-08-08T03:19:28.649Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "69A941FF-423E-49C5-AE1F-FE7ED016CA3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B34FDB1D-881B-4343-A76E-F23B93A0469A", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DCB20-2A7F-4EE4-BAFA-AD74CD4456AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "052914F8-B52C-4AB4-8F85-68D788B588C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "617C554F-8E7D-4F8A-AF63-C193934C8215", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en read_body.php de SquirrelMail 1.2.10, 1.2.9, y anteriores, permite a atacantes remotos la inserci\u00f3n de rutinas y c\u00f3digo HTML mediante:\r\n\r\nmailbox\r\npar\u00e1metros passed_id"}], "id": "CVE-2002-1341", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-12-18T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://f0kp.iplus.ru/bz/008.txt"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=103893844126484&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=103911130503272&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=104004924002662&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/8220"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2002/dsa-220"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2003-042.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/6302"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10754"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://f0kp.iplus.ru/bz/008.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=103893844126484&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=103911130503272&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=104004924002662&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/8220"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2002/dsa-220"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2003-042.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/6302"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10754"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}