Security

XSS vulnerability in incoming email headers

Date:

2004-04-03

Description:

Cross site scripting vulnerability that allowed JavaScript execution by sending someone an email with specially crafted headers.

Affected Versions:

<= 1.4.0-RC2a

Register Globals:

Register_globals does not have to be on for this issue.

CVE ID(s):

n/a

Patch:

n/a

Credits:

Thanks go to Jason Munro and Masato Higashiyama.

This page last updated:

2006-07-09 15:54:26