Cross site scripting in HTML filter
- A cross-site scripting (XSS) vulnerability was discovered, which allows to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. This can be triggered when viewing a malicious email message in HTML mode.
- Affected Versions:
- 1.4.0 - 1.4.16
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- view patch
- Thanks to Ivan Markovic and Secunia.
- This page last updated:
- 2008-12-07 14:47:11