Unrated severityNVD Advisory· Published Jun 23, 2006· Updated Jun 16, 2026
CVE-2006-3174
CVE-2006-3174
Description
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*range: <=1.5.1
- (no CPE)range: <=1.5.1
Patches
Vulnerability mechanics
References
10- docs.info.apple.com/article.htmlnvd
- lists.apple.com/archives/security-announce//2007/Jul/msg00004.htmlnvd
- pridels0.blogspot.com/2006/06/squirrelmail-151-xss-vuln.htmlnvd
- secunia.com/advisories/26235nvd
- www.mandriva.com/security/advisoriesnvd
- www.osvdb.org/26610nvd
- www.securityfocus.com/bid/18700nvd
- www.securityfocus.com/bid/25159nvd
- www.vupen.com/english/advisories/2007/2732nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/26941nvd
News mentions
0No linked articles in our index yet.