.. / CVE-2004-0519

Exploit for SquirrelMail 1.4.x - Folder Name Cross-Site Scripting (CVE-2004-0519)

Description:

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.

Nuclei Template

View the template here CVE-2004-0519.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2004/CVE-2004-0519.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2004-0519
http://marc.info/?l=bugtraq&m=108334862800260
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858
http://security.gentoo.org/glsa/glsa-200405-16.xml
https://www.exploit-db.com/exploits/24068
ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc

.. / CVE-2004-0519 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for SquirrelMail 1.4.x - Folder Name Cross-Site Scripting (CVE-2004-0519)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2004-0519