Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-0639. PoCs published by anonymous.
AI-analyzed exploit summary This exploit demonstrates HTML injection in the 'From' field of SquirrelMail, allowing execution of arbitrary JavaScript. It can be used to steal cookies or redirect users to malicious sites.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
Exploits (1)
This exploit demonstrates HTML injection in the 'From' field of SquirrelMail, allowing execution of arbitrary JavaScript. It can be used to steal cookies or redirect users to malicious sites.