SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

Security

XSS vulnerability in incoming email headers

Date:
2004-04-03
Description:
Cross site scripting vulnerability that allowed JavaScript execution by sending someone an email with specially crafted headers.
Affected Versions:
<= 1.4.0-RC2a
Register Globals:
Register_globals does not have to be on for this issue.
CVE ID(s):
n/a
Patch:
n/a
Credits:
Thanks go to Jason Munro and Masato Higashiyama.
This page last updated:
2006-07-09 15:54:26
© 1999-2010 by The SquirrelMail Project Team