VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Aug 6, 2004· Updated Apr 16, 2026

CVE-2004-0639

CVE-2004-0639

Description

Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.

Affected products

21
  • Open Webmail/Open Webmail3 versions
    cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:*
    • cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:*
    • cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:*
  • Sgi/Propack
    cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*
  • SquirrelMail/Squirrelmail17 versions
    cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:squirrelmail:squirrelmail:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.2.9:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.4.3_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:squirrelmail:squirrelmail:1.5_dev:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.