Donations
News
About
Support
Security
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties
Junk Email Filter
|
Security
Cross site scripting in HTML filter
- Date:
- 2008-12-04
- Description:
- A cross-site scripting (XSS) vulnerability was discovered, which allows to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. This can be triggered when viewing a malicious email message in HTML mode.
- Affected Versions:
- 1.4.0 - 1.4.16
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- CVE-2008-2379
- Patch:
- view patch
- Credits:
- Thanks to Ivan Markovic and Secunia.
- This page last updated:
- 2008-12-07 14:47:11
|