Arbitrary HTML and Script Injection in SquirrelMail Mime.php

CVE-2004-0520 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.

Learn more about our Web Application Penetration Testing UK.