SquirrelMail  

Security

Cross site scripting in HTML filter

Date: 2008-12-04
Description: A cross-site scripting (XSS) vulnerability was discovered that allows an attacker to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. It can be triggered when a user views a malicious e-mail message in HTML mode.
Affected Versions: 1.4.0 - 1.4.16
Register Globals: register_globals does not have to be on for this issue.
CVE ID(s): CVE-2008-2379
Patch: view patch
Credits: Thanks to Ivan Markovic and Secunia.
This page last updated: 2008-12-07 14:47:11
© 1999-2010 by The SquirrelMail Project Team