VDB

GCVE-110-MAGEIA-2021-10

GCVE-110-MAGEIA-2021-10
Advisory Published
Vulnetix · Advisory published January 8, 2021
XSS was discovered in SquirrelMail through 1.4.22. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element (). An unsafe use of unserialize() in compose.php has also been fixed.

Affected Products

VendorProductVersionsPlatforms
Mageiasquirrelmail0 (affected), 1.4.23-0.svn20201220_0200.1.mga7 (unaffected), 0 (affected), 1.4.23-0.svn20201220_0200.1.mga7 (unaffected)
Mageiawarzone21000 (affected), 3.4.1-1.mga7 (unaffected)

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›