Security
Multiple XSS vulnerabilities
- Date: 2019-02-26
- Description: SquirrelMail versions 1.4.22 and below are vulnerable to some specially crafted XSS attacks when users view messages in HTML format. Certain HTML tag attributes were not previously filtered from display. SVG objects were also found to be problematic in regard to privacy and security and as of this fix are no longer displayed by default.
- Affected Versions: <= 1.4.22
- Register Globals: Register_globals does not have to be on for this issue.
- CVE ID(s): CVE-2018-14950, CVE-2018-14951, CVE-2018-14952, CVE-2018-14953, CVE-2018-14954, CVE-2018-14955
- Patch: view patch
- Credits: liuzhu
- This page last updated: 2019-02-26 00:00:00