Donations
News
About
Support
Security
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties
Junk Email Filter
|
Security
XSS vulnerability in message display
- Date:
- 2019-07-01
- Description:
- SquirrelMail versions 1.4.22 and below are vulnerable to some specially crafted XSS attacks when users view messages in HTML format. Certain HTML tags were not previously filtered correctly.
- Affected Versions:
- <= 1.4.22
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- CVE-2019-12970
- Patch:
- view patch
- Credits:
- Moritz Bechler, SySS GmbH
- This page last updated:
- 2019-07-23 00:00:00
|