CVE-2004-1036

Publication date 1 March 2005

Last updated 17 July 2025

Ubuntu priority

Description

Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
squirrelmail	7.04 feisty	Fixed 1.4.9a-1ubuntu0.1
	6.10 edgy	Fixed 1.4.8-1ubuntu0.1
	6.06 LTS dapper	Fixed 1.4.6-1ubuntu0.1

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2004-1036