2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2006-0195" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2006-02-24T00:02:00.000" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T00:05:53.743" ,
2023-04-24 12:24:31 +02:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) \"/*\" and \"*/\" comments, or (2) a newline in a \"url\" specifier, which is processed by certain web browsers including Internet Explorer."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 4.3 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "PARTIAL" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 8.6 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "NVD-CWE-Other"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "026730B8-3919-4100-8607-C640ADBDD662"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4AD31177-05BB-4623-AED7-765DB7E44E47"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "20247A22-9AB9-4BCE-BF28-350B52FBC62D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "79E6734C-EE1C-40B6-9759-15298707A6F5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_r3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F6733B8C-5A9E-45CE-8938-F39A69EB0DC1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B08E51F1-3764-4146-89C1-20B9B8EE1222"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:squirrelmail:squirrelmail:1.4.3a:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CD4071B2-3D4F-4755-98B1-E28CEB05EA8B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BF6591E5-5F36-4663-85A6-9D870FD49FC7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:squirrelmail:squirrelmail:1.4.4_rc1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D062B70A-E5FF-403B-8BD1-777D6462B7CC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:squirrelmail:squirrelmail:1.4.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4D4CFD4D-EAC3-4325-A87F-9D5F4C513208"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:squirrelmail:squirrelmail:1.4.6_rc1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C7ED3CC3-E0A8-4C20-9EF7-405CD32E9EF7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:squirrelmail:squirrelmail:1.4_rc1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "442BF5C9-DC58-4A94-A634-33D6A4F3C6DD"
}
]
}
]
}
] ,
"references" : [
{
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" ,
"source" : "cve@mitre.org"
} ,
2024-04-04 08:46:00 +00:00
{
"url" : "http://secunia.com/advisories/18985" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "http://secunia.com/advisories/19130" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://secunia.com/advisories/19131" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://secunia.com/advisories/19176" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://secunia.com/advisories/19205" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://secunia.com/advisories/19960" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://secunia.com/advisories/20210" ,
"source" : "cve@mitre.org"
} ,
2023-04-24 12:24:31 +02:00
{
"url" : "http://securitytracker.com/id?1015662" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://www.debian.org/security/2006/dsa-988" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://www.novell.com/linux/security/advisories/2006_05_sr.html" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0283.html" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://www.securityfocus.com/bid/16756" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://www.squirrelmail.org/security/issue/2006-02-10" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://www.vupen.com/english/advisories/2006/0689" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24848" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9548" ,
"source" : "cve@mitre.org"
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://secunia.com/advisories/18985" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "http://secunia.com/advisories/19130" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://secunia.com/advisories/19131" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://secunia.com/advisories/19176" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://secunia.com/advisories/19205" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://secunia.com/advisories/19960" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://secunia.com/advisories/20210" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://securitytracker.com/id?1015662" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.debian.org/security/2006/dsa-988" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.novell.com/linux/security/advisories/2006_05_sr.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0283.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.securityfocus.com/bid/16756" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.squirrelmail.org/security/issue/2006-02-10" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.vupen.com/english/advisories/2006/0689" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24848" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9548" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
2023-04-24 12:24:31 +02:00
}
]
}
