SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
UPDATE YOUR
EMAIL SECURITY
"IUEU"

Security

Cross site scripting issues in decrypt_headers.php

Date:
2009-05-09
Description:
An issue was fixed wherein input to the contrib/decrypt_headers.php script was not sanitized and allowed arbitrary script execution upon submission of certain values.
Affected Versions:
<= 1.4.17
Register Globals:
Register_globals does not have to be on for this issue.
CVE ID(s):
CVE-2009-1578
Patch:
view patch
Credits:
Niels Teusink
This page last updated:
2009-05-09 00:00:00
© 1999-2010 by The SquirrelMail Project Team