FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squirrelmail -- Several cross site scripting vulnerabilities

Affected packages
1.4.0 <= ja-squirrelmail <= 1.4.4
1.4.0 <= squirrelmail <= 1.4.4

Details

VuXML ID e879ca68-e01b-11d9-a8bd-000cf18bbe54
Discovery 2005-06-15
Entry 2005-06-18

A SquirrelMail Security Advisory reports:

Several cross site scripting (XSS) vulnerabilities have been discovered in SquirrelMail versions 1.4.0 - 1.4.4.

The vulnerabilities are in two categories: the majority can be exploited through URL manipulation, and some by sending a specially crafted email to a victim. When done very carefully, this can cause the session of the user to be hijacked.

[source]

References

CVE Name CVE-2005-1769
URL http://www.squirrelmail.org/security/issue/2005-06-15

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.