|
| 1 | +[basic] |
| 2 | +description = "SquirrelMail 1.4.2 存在多个跨站脚本(XSS)漏洞,远程攻击者无需身份认证即可通过向 compose.php 等页面的 mailbox 参数等多个攻击向量注入恶意脚本代码。当其他用户访问特制链接时,恶意脚本将在用户浏览器中执行,导致攻击者可窃取用户认证信息或冒充用户执行任意操作。该漏洞影响 SquirrelMail 1.4.2 及之前版本,CVSS 评分 6.8,危害等级中危。建议升级至 SquirrelMail 1.4.3 或更高版本修复此漏洞。" |
| 3 | +published = "2004-08-18T04:00:00.000" |
| 4 | +remediation = "升级至 SquirrelMail 1.4.3a 或更高版本(1.4.2 及之前版本受影响)。Red Hat 用户可通过 RHSA-2004:240 更新至 1.4.3a,Debian 用户通过 DSA-535 更新,Gentoo 用户升级至 >=mail-client/squirrelmail-1.4.3_rc1。如无法升级,可在 php.ini 中关闭 register_globals 以降低攻击面。" |
| 5 | +score = 6.8 |
| 6 | +severity = "MEDIUM" |
| 7 | +sources = ["nuclei"] |
| 8 | +title = "SquirrelMail 1.4.x 跨站脚本漏洞" |
| 9 | +updated = "2026-06-16T22:05:48.060" |
| 10 | + |
| 11 | +[exploit] |
| 12 | +exp_urls = [] |
| 13 | +poc_urls = [] |
| 14 | + |
| 15 | +[id] |
| 16 | +aliases = ["CVE-2004-0519"] |
| 17 | +ave_id = "AVE-2004-0002" |
| 18 | + |
| 19 | +[meta] |
| 20 | +collected_at = "2026-07-15T00:00:00Z" |
| 21 | +status = "completed" |
| 22 | + |
| 23 | +[references] |
| 24 | +urls = [ |
| 25 | + "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858", |
| 26 | + "http://marc.info/?l=bugtraq&m=108334862800260", |
| 27 | + "http://rhn.redhat.com/errata/RHSA-2004-240.html", |
| 28 | + "http://secunia.com/advisories/11531", |
| 29 | + "http://secunia.com/advisories/11686", |
| 30 | + "http://secunia.com/advisories/11870", |
| 31 | + "http://secunia.com/advisories/12289", |
| 32 | + "http://security.gentoo.org/glsa/glsa-200405-16.xml", |
| 33 | + "http://www.debian.org/security/2004/dsa-535", |
| 34 | + "http://www.novell.com/linux/security/advisories/2005_19_sr.html", |
| 35 | + "http://www.securityfocus.com/advisories/6827", |
| 36 | + "http://www.securityfocus.com/archive/1/361857", |
| 37 | + "http://www.securityfocus.com/bid/10246", |
| 38 | + "https://bugzilla.fedora.us/show_bug.cgi?id=1733", |
| 39 | + "https://exchange.xforce.ibmcloud.com/vulnerabilities/16025", |
| 40 | + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1006", |
| 41 | + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10274", |
| 42 | + "https://www.exploit-db.com/exploits/24068", |
| 43 | + "https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2004/CVE-2004-0519.yaml", |
| 44 | + "https://github.com/trickest/cve/blob/a90de4f84b4783951362f491671e1e9decfc17cb/2004/CVE-2004-0519.md", |
| 45 | + "https://github.com/projectdiscovery/nuclei-templates/blob/a5c2e8e4dab8c8e618ba76807c3e07587b7d781a/http/cves/2004/CVE-2004-0519.yaml", |
| 46 | + "https://github.com/ExpLangcn/NucleiTP/blob/2b7ecb9031a6eda4f272793045f29b339d8e0cce/CVES/medium/cve-2004-0519-1306.yaml", |
| 47 | + "https://github.com/sepehrdaddev/zap-scripts/blob/2b63b02ca79cc7f0023cdbab72c5c6c774354b07/active/CVE-2004-0519.js", |
| 48 | + "https://github.com/nomi-sec/NVD-Database/blob/23dc120c34402aaa65883c51c1d03b3cb02c20cb/2004/CVE-2004-0519.json", |
| 49 | + "https://github.com/DefectDojo/django-DefectDojo/blob/619e5656f308396a3cc3a7f039c6426ae98baa17/dojo/tools/nuclei/parser.py", |
| 50 | + "https://github.com/adampielak/nuclei-templates/blob/ac9605f5a915670fd80cb4e1904f4435f1835b65/nuclei-v3/Z/z-11753.yaml", |
| 51 | + "https://github.com/SpeeDr00t/speedr00t.github.com/blob/0380f0c2190556fabe90257cb6c0034a42f68951/securityfocus/0x11000/10246/info.html", |
| 52 | + "https://github.com/lianqingsec/NucleiPocGather/blob/dcce204f62196117b9c95c52d8101ccf7a5d27bc/poc/cve/cve-2004-0519.yaml", |
| 53 | + "https://github.com/rix4uni/nucleihub-templates/blob/579a0234551b9e0e322460a62dc77bd6109e4aff/nucleihub-templates/CVE-2004-0519_3.yaml", |
| 54 | +] |
0 commit comments