Test ID:	1.3.6.1.4.1.25623.1.0.11415
Category:	Web application abuses
Title:	SquirrelMail Cross-Site Scripting Vulnerability
Summary:	The remote host seems to be vulnerable to a security problem in; SquirrelMail. Its script 'read_body.php' didn't filter out user input for; 'filter_dir' and 'mailbox', making an XSS attack possible.
Description:	Summary: The remote host seems to be vulnerable to a security problem in SquirrelMail. Its script 'read_body.php' didn't filter out user input for 'filter_dir' and 'mailbox', making an XSS attack possible. Solution: Upgrade to a newer version of this software CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1276 BugTraq ID: 7019 http://www.securityfocus.com/bid/7019 Debian Security Information: DSA-191 (Google Search) http://www.debian.org/security/2002/dsa-191 http://www.redhat.com/support/errata/RHSA-2003-042.html http://secunia.com/advisories/8220 http://www.iss.net/security_center/static/10634.php Common Vulnerability Exposure (CVE) ID: CVE-2002-1341 BugTraq ID: 6302 http://www.securityfocus.com/bid/6302 Bugtraq: 20021203 Re: SquirrelMail v1.2.9 XSS bugs (Google Search) http://marc.info/?l=bugtraq&m=103911130503272&w=2 Bugtraq: 20021203 SquirrelMail v1.2.9 XSS bugs (Google Search) http://marc.info/?l=bugtraq&m=103893844126484&w=2 Bugtraq: 20021215 GLSA: squirrelmail (Google Search) http://marc.info/?l=bugtraq&m=104004924002662&w=2 Debian Security Information: DSA-220 (Google Search) http://www.debian.org/security/2002/dsa-220 http://f0kp.iplus.ru/bz/008.txt XForce ISS Database: squirrelmail-readbody-xss(10754) https://exchange.xforce.ibmcloud.com/vulnerabilities/10754
Copyright	Copyright (C) 2005 Xue Yong Zhi

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.