Possible XSS through right_frame parameter in webmail.php
- The right_frame parameter in webmail.php was not properly sanitized, which could allow an attacker to trick a user into loading content from another host in the right frame of the SquirrelMail interface. Some of the attack vectors are only possible with Internet Explorer.
- Affected Versions: <= 1.4.5
- Register Globals: register_globals does not have to be on for this issue.
- CVE ID(s):
- view patch
- Thanks to Martijn Brinkers and Ben Maurer, who each discovered this issue independently.
- This page last updated: 2007-07-03 12:59:40
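
An added example, not SquirrelMail's own code or its patch: one way to validate a frame-target parameter such as right_frame before it is written into a frameset, so that only known local pages can ever be loaded. The allowlisted page names, the function names and the sample inputs are hypothetical.

```php
<?php
// Added example. Page names are assumptions, not taken from SquirrelMail.
const ALLOWED_FRAME_PAGES = ['right_main.php', 'compose.php', 'options.php'];
const DEFAULT_FRAME_PAGE  = 'right_main.php';

// Return a frame target that is guaranteed to be one of the local,
// allowlisted pages, falling back to the default for anything else.
function safe_frame_src(string $requested): string
{
    $parts = parse_url($requested);

    // Unparsable input, or anything naming a scheme, host, port or
    // credentials, could point the frame at another origin: refuse it.
    if ($parts === false
        || isset($parts['scheme']) || isset($parts['host'])
        || isset($parts['port'])   || isset($parts['user'])) {
        return DEFAULT_FRAME_PAGE;
    }

    // The path must match an allowlisted script name exactly (strict compare).
    $path = $parts['path'] ?? '';
    if (!in_array($path, ALLOWED_FRAME_PAGES, true)) {
        return DEFAULT_FRAME_PAGE;
    }

    // Re-encode the query string instead of passing it through verbatim.
    parse_str($parts['query'] ?? '', $query);
    return $query ? $path . '?' . http_build_query($query) : $path;
}

// Escape for the HTML attribute context when emitting the frame tag.
function frame_tag(string $requested): string
{
    $src = htmlspecialchars(safe_frame_src($requested), ENT_QUOTES, 'UTF-8');
    return '<frame src="' . $src . '" name="right">';
}

// Constructed sample inputs: one legitimate local page, then values that
// name another host or a page outside the allowlist.
$samples = [
    'right_main.php?mailbox=INBOX',
    'http://other-host.example/page.html',
    '//other-host.example/page.html',
    'unknown_page.php',
];
foreach ($samples as $value) {
    echo str_pad($value, 40), ' => ', frame_tag($value), PHP_EOL;
}
```

Validating against a fixed list of local pages avoids having to enumerate every way a browser might interpret a value as a reference to another host.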