VDB
GCVE-110-MAGEIA-2021-10
GCVE-110-MAGEIA-2021-10
Advisory Published
XSS was discovered in SquirrelMail through 1.4.22. Due to improper handling of
RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be
bypassed. Malicious script content from HTML e-mail can be executed within the
application context via crafted use of (for example) a NOEMBED, NOFRAMES,
NOSCRIPT, or TEXTAREA element ().
An unsafe use of unserialize() in compose.php has also been fixed.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | squirrelmail | 0 (affected), 1.4.23-0.svn20201220_0200.1.mga7 (unaffected), 0 (affected), 1.4.23-0.svn20201220_0200.1.mga7 (unaffected) | — |
| Mageia | warzone2100 | 0 (affected), 3.4.1-1.mga7 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.