SquirrelMail  

Security

Cross site scripting in HTML filter

Date: 2008-12-04
Description: A cross-site scripting (XSS) vulnerability was discovered that allows injection of arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. It can be triggered when a malicious e-mail message is viewed in HTML mode.
Affected Versions: 1.4.0 - 1.4.16
Register Globals: register_globals does not have to be on for this issue.
CVE ID(s): CVE-2008-2379
Patch: view patch
Credits: Thanks to Ivan Markovic and Secunia.
This page last updated: 2008-12-07 14:47:11
© 1999-2010 by The SquirrelMail Project Team