SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
UPDATE YOUR
EMAIL SECURITY
"IUEU"

Security

Possible XSS through right_frame parameter in webmail.php

Date:
2006-02-01
Description:
The right_frame parameter in webmail.php was not properly sanitized, and could allow for an attacker to replace the right frame of a tricked user with content from another host within the SquirrelMail interface. Some of the attack vectors are only possible with Internet Explorer.
Affected Versions:
<= 1.4.5
Register Globals:
Register_globals does not have to be on for this issue.
CVE ID(s):
CVE-2006-0188
Patch:
view patch
Credits:
Thanks to Martijn Brinkers and Ben Maurer who both found out about this issue separately.
This page last updated:
2007-07-03 12:59:40
© 1999-2010 by The SquirrelMail Project Team