Your submission was sent successfully! Close

CVE-2018-14952

Published: 5 August 2018

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
squirrelmail
Launchpad, Ubuntu, Debian
bionic Does not exist

precise Does not exist

trusty Does not exist
(trusty was released [2:1.4.23~svn20120406-2+deb8u3build0.14.04.1])
upstream
Released (2:1.4.23~svn20120406-2+deb8u3)
xenial
Released (2:1.4.23~svn20120406-2+deb8u3ubuntu0.16.04.1)