FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-1262

This CVE name corresponds to:

Entered Topic
2007-05-21 squirrelmail -- Cross site scripting in HTML filter

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-1262 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-1262
Phase Assigned(20070303)

Description

Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.

References

Source Reference
CONFIRM http://www.squirrelmail.org/security/issue/2007-05-09
CONFIRM https://issues.rpath.com/browse/RPL-1353
CONFIRM http://docs.info.apple.com/article.html?artnum=306172
APPLE APPLE-SA-2007-07-31
DEBIAN DSA-1290
MANDRIVA MDKSA-2007:106
REDHAT RHSA-2007:0358
SUSE SUSE-SR:2007:013
JVN JVN#09157962
JVNDB JVNDB-2007-000398
BID 23910
BID 25159
OSVDB 35887
OSVDB 35888
OVAL oval:org.mitre.oval:def:11712
VUPEN ADV-2007-1748
VUPEN ADV-2007-2732
SECTRACK 1018033
SECUNIA 25200
SECUNIA 25236
SECUNIA 25320
SECUNIA 25690
SECUNIA 26235
SECUNIA 25787

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.