First published: Fri Feb 24 2006(Updated: )
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SquirrelMail | =1.4.2 | |
SquirrelMail | =1.4.6_rc1 | |
SquirrelMail | =1.4.3_r3 | |
SquirrelMail | =1.4.3_rc1 | |
SquirrelMail | =1.4.4_rc1 | |
SquirrelMail | =1.4.3 | |
SquirrelMail | =1.4.1 | |
SquirrelMail | =1.4 | |
SquirrelMail | =1.4.3a | |
SquirrelMail | =1.4_rc1 | |
SquirrelMail | =1.4.4 | |
SquirrelMail | =1.4.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2006-0188 has been classified as a moderate severity vulnerability due to its potential for exploitation via cross-site scripting.
To fix CVE-2006-0188, upgrade SquirrelMail to version 1.4.6 or later, as this addresses the vulnerability.
SquirrelMail versions 1.4.0 to 1.4.5 are affected by CVE-2006-0188.
Yes, CVE-2006-0188 can be exploited remotely by injecting arbitrary web pages into the right frame.
CVE-2006-0188 is related to cross-site scripting but is different from typical XSS vulnerabilities due to the way it interacts with web frames.