Donations
News
About
Support
Security
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties
Junk Email Filter
|
Security
Possible XSS through right_frame parameter in webmail.php
- Date:
- 2006-02-01
- Description:
- The right_frame parameter in webmail.php was not properly sanitized, and could allow for an attacker to replace the right frame of a tricked user with content from another host within the SquirrelMail interface. Some of the attack vectors are only possible with Internet Explorer.
- Affected Versions:
- <= 1.4.5
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- CVE-2006-0188
- Patch:
- view patch
- Credits:
- Thanks to Martijn Brinkers and Ben Maurer who both found out about this issue separately.
- This page last updated:
- 2007-07-03 12:59:40
|