CVE-2002-1131

EXPLOITED NUCLEI

SquirrelMail <1.2.7 - XSS

Title source: llm

Description

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by DarC KonQuest · textwebappsphp
https://www.exploit-db.com/exploits/21811

Nuclei Templates (1)

SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting
HIGHby dhiyaneshDk,s4e-io
Shodan: http.title:"squirrelmail" || cpe:"cpe:2.3:a:squirrelmail:squirrelmail"
FOFA: title="squirrelmail"

References (6)

Scores

EPSS 0.0335
EPSS Percentile 87.4%

Details

VulnCheck KEV 2025-06-07
Status published
Products (1)
squirrelmail/squirrelmail < 1.2.7
Published Oct 04, 2002
Tracked Since Feb 18, 2026