SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties





Junk Email Filter






Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

Security

XSS vulnerability in incoming email headers

Date:
2004-04-03
Description:
Cross site scripting vulnerability that allowed JavaScript execution by sending someone an email with specially crafted headers.
Affected Versions:
<= 1.4.0-RC2a
Register Globals:
Register_globals does not have to be on for this issue.
CVE ID(s):
n/a
Patch:
n/a
Credits:
Thanks go to Jason Munro and Masato Higashiyama.
This page last updated:
2006-07-09 15:54:26
© 1999-2010 by The SquirrelMail Project Team