Unrated severityNVD Advisory· Published Oct 4, 2002· Updated Apr 16, 2026

CVE-2002-1131

Description

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.

Affected products

SquirrelMail/Squirrelmail
cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*
Range: <=1.2.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.redhat.com/support/errata/RHSA-2002-204.htmlnvdPatchVendor Advisory
archives.neohapsis.com/archives/bugtraq/2002-09/0246.htmlnvdExploitVendor Advisory
www.securityfocus.com/bid/5763nvdExploitPatchVendor Advisory
www.iss.net/security_center/static/10145.phpnvdVendor Advisory
sourceforge.net/project/shownotes.phpnvd
www.debian.org/security/2002/dsa-191nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000