CVE-2011-2753

SquirrelMail < 1.4.21 - Cross-Site Request Forgery via Empty Trash and Index Order

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.

References (6)

Core 6
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2291
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:123
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0103.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68586

Scores

EPSS 0.0108
EPSS Percentile 61.2%

Details

CWE
CWE-352
Status published
Products (47)
squirrelmail/squirrelmail 0.1
squirrelmail/squirrelmail 0.1.1
squirrelmail/squirrelmail 0.1.2
squirrelmail/squirrelmail 0.2
squirrelmail/squirrelmail 0.2.1
squirrelmail/squirrelmail 0.3
squirrelmail/squirrelmail 0.3.1
squirrelmail/squirrelmail 0.3pre1
squirrelmail/squirrelmail 0.3pre2
squirrelmail/squirrelmail 0.4
... and 37 more
Published Jul 17, 2011
Tracked Since Feb 18, 2026