Security

Multiple cross site scripting issues

Date:

2009-05-08

Description:

Two issues were fixed that both allowed an attacker to run arbitrary script (XSS) on most any SquirrelMail page by getting the user to click on specially crafted SquirrelMail links.

Affected Versions:

<= 1.4.17

Register Globals:

Register_globals does not have to be on for this issue.

CVE ID(s):

CVE-2009-1578

Patch:

view patch

Credits:

Niels Teusink and Christian Balzer

This page last updated:

2009-05-08 00:00:00