SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
UPDATE YOUR
EMAIL SECURITY
"IUEU"

Security

Cross-site scripting vulnerability in the Autocomplete plugin

Date:
2012-03-09
Description:
A malicious user that can convince any other user to add some specially-formatted contact details into the victim's address book would have the ability to run script code in the victim's browser, potentially exposing the victim's account or account data to the attacker.
Affected Versions:
< 3.0
Register Globals:
Register_globals does not have to be on for this issue.
CVE ID(s):
CVE-2012-0323
Patch:
n/a
Credits:
Masaki Konishi & JPCERTT/CC
This page last updated:
2012-03-09 00:00:00
© 1999-2010 by The SquirrelMail Project Team