XSS vulnerability in decodeHeader()
- There is a cross site scripting issue in the decoding of encoded text in certain headers. SquirrelMail correctly decodes the specially crafted header, but doesn't sanitize the decoded strings. This concerns the decodeHeader() function in functions/mime.php.
- Affected Versions:
- <= 1.4.3a
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- view patch
- Special thanks go to Joost Pol for notifying us about this issue.
- This page last updated:
- 2006-07-09 15:53:49