squirrelmail: multiple cross-site scripting vulnerabilities

Package(s): squirrelmail
CVE #(s): CVE-2006-6142
Created: December 11, 2006
Updated: January 31, 2007
Description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the mailto parameter in webmail.php, the session and delete_draft parameters in compose.php, and unspecified vectors involving "a shortcoming in the magicHTML filter."
Alerts:
Red Hat RHSA-2007:0022-01 2007-01-31
Fedora FEDORA-2007-089 2007-01-17
Fedora FEDORA-2007-088 2007-01-17
Debian DSA-1241-1 2006-12-25
rPath rPSA-2006-0231-1 2006-12-12
Mandriva MDKSA-2006:226 2006-12-11

Copyright © 2013, Eklektix, Inc.