FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squirrelmail -- cross site scripting vulnerability

Affected packages
ja-squirrelmail < 1.4.3a_4,2
squirrelmail < 1.4.3a_3

Details

VuXML ID 7fbfe159-3438-11d9-a9e7-0001020eed82
Discovery 2004-11-03
Entry 2004-11-12

A SquirrelMail Security Notice reports:

There is a cross site scripting issue in the decoding of encoded text in certain headers. SquirrelMail correctly decodes the specially crafted header, but doesn't sanitize the decoded strings.

References

Message 544475695.20041110000451@netdork.net