Unrated severity · NVD Advisory · Published Aug 18, 2004 · Updated Apr 16, 2026
CVE-2004-0520
Description
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
Affected products
Total: 21
- cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*
- cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*
- cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:squirrelmail:squirrelmail:1.5_dev:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
Total: 15
- patches.sgi.com/support/free/security/advisories/20040604-01-U.asc (nvd: Patch)
- rhn.redhat.com/errata/RHSA-2004-240.html (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/11870 (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/12289 (nvd: Patch, Vendor Advisory)
- www.debian.org/security/2004/dsa-535 (nvd: Patch, Vendor Advisory)
- www.securityfocus.com/advisories/6827 (nvd: Patch, Vendor Advisory)
- bugzilla.fedora.us/show_bug.cgi (nvd: Patch)
- www.securityfocus.com/bid/10439 (nvd: Exploit, Patch)
- www.gentoo.org/security/en/glsa/glsa-200406-08.xml (nvd: Vendor Advisory)
- www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt (nvd: Vendor Advisory)
- distro.conectiva.com.br/atualizacoes/ (nvd)
- marc.info (nvd)
- marc.info (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1012 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10766 (nvd)