CVE-2018-14952

Published: 05 August 2018

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
squirrelmail
Launchpad, Ubuntu, Debian
Upstream
Released (2:1.4.23~svn20120406-2+deb8u3)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus)
Released (2:1.4.23~svn20120406-2+deb8u3ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [2:1.4.23~svn20120406-2+deb8u3build0.14.04.1])