SquirrelMail  

Security

XSS vulnerability in message display

Date: 2019-07-01
Description: SquirrelMail versions 1.4.22 and below are vulnerable to some specially crafted XSS attacks when users view messages in HTML format. Certain HTML tags were not previously filtered correctly.
Affected Versions: <= 1.4.22
Register Globals: Register_globals does not have to be on for this issue.
CVE ID(s): CVE-2019-12970
Patch: view patch
Credits: Moritz Bechler, SySS GmbH
This page last updated: 2019-07-23 00:00:00
© 1999-2016 by The SquirrelMail Project Team