SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
UPDATE YOUR
EMAIL SECURITY
"IUEU"

Security

Disputed: search.php cross site scripting

Date:
2006-06-22
Description:
There's been a report that there's a cross-site scripting (XSS) vulnerability in search.php, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.

We don't believe this is the case and haven't seen any evidence, but the code is tightened to be very sure, since 1.4.7.
Affected Versions:
none
Register Globals:
This requires the PHP register_globals setting to be On, a setting both PHP and SquirrelMail highly discourage.
CVE ID(s):
CVE-2006-3174
Patch:
n/a
Credits:
This page last updated:
2006-07-09 16:04:15
© 1999-2010 by The SquirrelMail Project Team