Donations
News
About
Support
Security
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties
Junk Email Filter
|
Security
XSS vulnerability
- Date:
- 2025-04-02
- Description:
- SquirrelMail versions 1.4.23-svn/1.5.2-svn (snapshot 20250401) and below are vulnerable to an XSS attack in malicious email headers. The XSS can be executed on the message list as well as the message display.
- Affected Versions:
- <= 1.4.23-svn-20250401
<= 1.5.2-svn-20250401
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- CVE-2025-30090
- Patch:
- view patch
view patch
- Credits:
- yelang123 (@yelang123x) and nga990 (@nga_990)
- This page last updated:
- 2025-04-02 00:00:00
|
