First published: Fri Jul 09 2004(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Squirrelmail Squirrelmail | =1.4.2 | |
Squirrelmail Squirrelmail | =1.2.7 | |
Squirrelmail Squirrelmail | =1.2.0 | |
SGI ProPack | =3.0 | |
Squirrelmail Squirrelmail | =1.2.9 | |
Squirrelmail Squirrelmail | =1.4.3_rc1 | |
Squirrelmail Squirrelmail | =1.2.2 | |
Open Webmail Open Webmail | =2.30 | |
Squirrelmail Squirrelmail | =1.2.1 | |
Squirrelmail Squirrelmail | =1.4.1 | |
Squirrelmail Squirrelmail | =1.4 | |
Squirrelmail Squirrelmail | =1.2.4 | |
Squirrelmail Squirrelmail | =1.2.3 | |
Open Webmail Open Webmail | =2.31 | |
Squirrelmail Squirrelmail | =1.2.6 | |
Squirrelmail Squirrelmail | =1.2.10 | |
Squirrelmail Squirrelmail | =1.2.5 | |
Open Webmail Open Webmail | =2.32 | |
Squirrelmail Squirrelmail | =1.2.8 | |
Squirrelmail Squirrelmail | =1.2.11 | |
Squirrelmail Squirrelmail | =1.5_dev |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.