Disputed: search.php cross-site scripting
- There has been a report of a cross-site scripting (XSS) vulnerability in search.php that, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.
We don't believe this is the case and haven't seen any evidence of it, but the code has been tightened since 1.4.7 to be very sure.
- Affected Versions:
- Register Globals:
- This requires the PHP register_globals setting to be On, a setting both PHP and SquirrelMail highly discourage.
- CVE ID(s):
- This page last updated:
- 2006-07-09 16:04:15
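
A deployment check for the register_globals precondition named above, as an added example that is not part of the SquirrelMail advisory or code base: it reports whether a php.ini or Apache mod_php configuration text turns the setting on. The function name and sample configurations are constructed for illustration, and treating the last directive in one text as the effective one is a simplifying assumption.

```python
import re

# Values php.ini treats as boolean true (case-insensitive).
_INI_TRUE = {"1", "on", "yes", "true"}
# Apache's php_flag / php_admin_flag only accept "on" or "1" as true.
_FLAG_TRUE = {"1", "on"}

# php.ini form:        register_globals = On
_INI = re.compile(r'^\s*register_globals\s*=\s*"?([^";\s]*)"?', re.I)
# Apache mod_php form: php_flag register_globals on
_FLAG = re.compile(r"^\s*php_(?:admin_)?flag\s+register_globals\s+(\S+)", re.I)


def register_globals_enabled(config_text):
    """Return True if the last register_globals directive turns it on.

    With no directive present the result is False, which matches PHP's
    default since 4.2.0.
    """
    enabled = False
    for line in config_text.splitlines():
        if line.strip().startswith((";", "#")):   # commented-out directive
            continue
        m = _INI.match(line)
        if m:
            enabled = m.group(1).lower() in _INI_TRUE
            continue
        m = _FLAG.match(line)
        if m:
            enabled = m.group(1).lower() in _FLAG_TRUE
    return enabled


# Constructed sample configurations (not taken from any real host).
SAMPLE_INI_OFF = "; register_globals = On\nregister_globals = Off\n"
SAMPLE_INI_ON = "register_globals = Off\nregister_globals = On ; legacy app\n"
SAMPLE_HTACCESS = "# per-directory override\nphp_flag register_globals on\n"

if __name__ == "__main__":
    for name, text in [("php.ini (off)", SAMPLE_INI_OFF),
                       ("php.ini (on)", SAMPLE_INI_ON),
                       (".htaccess", SAMPLE_HTACCESS)]:
        state = "ON" if register_globals_enabled(text) else "off"
        print(f"{name}: register_globals {state}")
```
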