Security
XSS vulnerability in Content-Type display in read_body
- Date:
- 2004-05-30
- Description:
- By sending a specially crafted email, an attacker could insert HTML code
in the attachment area of read_body.php. The Content-Type header was not
encoded before it was sent to the browser.
- Affected Versions:
- <= 1.4.3-RC1
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- n/a
- Patch:
- view patch
- Credits:
- Discovered by Roman Medina.
- This page last updated:
- 2007-07-03 13:00:45
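
The class of bug described above, shown as an added PHP example that is not SquirrelMail's code or its patch: a Content-Type value taken from a message is written into an attachment row without encoding, next to the same row with the value encoded at output. The function names, the table markup and the sample header are constructed for illustration.

```php
<?php
// Added illustration. Function names and markup are hypothetical,
// not taken from read_body.php.

// Pull the Content-Type value out of a raw header block.
// Everything in this value is controlled by the sender of the message.
function content_type_of(string $rawHeaders): string {
    // Unfold continuation lines (CRLF followed by whitespace) first.
    $unfolded = preg_replace('/\r?\n[ \t]+/', ' ', $rawHeaders);
    if (preg_match('/^Content-Type:[ \t]*(.*)$/mi', $unfolded, $m)) {
        return trim($m[1]);
    }
    return 'text/plain'; // assumed fallback when the header is absent
}

// Before: the header value is concatenated into the page as-is,
// so any markup it carries becomes part of the document.
function attachment_row_unencoded(string $name, string $type): string {
    return '<tr><td>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
         . '</td><td>' . $type . '</td></tr>';
}

// After: every message-derived value is encoded at the point of output.
function attachment_row_encoded(string $name, string $type): string {
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<tr><td>' . $e($name) . '</td><td>' . $e($type) . '</td></tr>';
}

// Constructed sample: harmless markup placed inside the header value,
// with a folded parameter line to exercise the unfolding step.
$headers = "Content-Type: text/plain<b>injected markup</b>;\r\n"
         . " name=\"notes.txt\"\r\n"
         . "Content-Disposition: attachment\r\n";

$type   = content_type_of($headers);
$unsafe = attachment_row_unencoded('notes.txt', $type);
$safe   = attachment_row_encoded('notes.txt', $type);

echo $unsafe, "\n"; // the <b> element reaches the browser as markup
echo $safe, "\n";   // the same bytes arrive as &lt;b&gt;... text

// Regression check: no raw tag from the header survives in the encoded row.
if (strpos($safe, '<b>') !== false || strpos($unsafe, '<b>') === false) {
    throw new RuntimeException('encoding check failed');
}
```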