Unrated severityNVD Advisory· Published Aug 18, 2004· Updated Apr 16, 2026

CVE-2004-0519

Description

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.

Affected products

Sgi/Propack
cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*
SquirrelMail/Squirrelmail17 versions
cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:squirrelmail:squirrelmail:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

patches.sgi.com/support/free/security/advisories/20040604-01-U.ascnvdPatch
rhn.redhat.com/errata/RHSA-2004-240.htmlnvdPatchVendor Advisory
secunia.com/advisories/11531nvdPatchVendor Advisory
secunia.com/advisories/11686nvdPatchVendor Advisory
secunia.com/advisories/11870nvdPatchVendor Advisory
secunia.com/advisories/12289nvdPatch
www.debian.org/security/2004/dsa-535nvdPatchVendor Advisory
www.securityfocus.com/advisories/6827nvdPatchVendor Advisory
bugzilla.fedora.us/show_bug.cginvdPatch
www.securityfocus.com/bid/10246nvdExploitPatch
security.gentoo.org/glsa/glsa-200405-16.xmlnvdVendor Advisory
www.novell.com/linux/security/advisories/2005_19_sr.htmlnvdVendor Advisory
distro.conectiva.com.br/atualizacoes/nvd
marc.infonvd
www.securityfocus.com/archive/1/361857nvd
exchange.xforce.ibmcloud.com/vulnerabilities/16025nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000