REDHAT-BUG-720694: XSS

First published: Tue Jul 12 2011(Updated: )

Multiple cross-site scripting (XSS) flaws were found in the SquirrelMail webmail client: * XSS flaws in generic options inputs, * XSS flaw in the SquirrelSpell plug-in, * XSS flaw in the Index Order page. Also protection against Cross-site Request Forgery (CSRF) flaws has been added to the empty trash feature and to the Index Order page. The CSRF flaws got a dedicated CVE identifier of <a href="https://access.redhat.com/security/cve/CVE-2011-2753">CVE-2011-2753</a>. For further information have a look at: [1] <a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2753">https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2753</a> Upstream advisory: [2] <a href="http://www.squirrelmail.org/security/issue/2011-07-11">http://www.squirrelmail.org/security/issue/2011-07-11</a> Relevant upstream patch: [3] <a href="http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&amp;revision=14119">http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&amp;revision=14119</a>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/weakness
• agent/references
• agent/last-modified-date
• agent/first-publish-date
• agent/type
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2010-4555
• agent/severity
• agent/description
• agent/event
• agent/trending
• agent/source
• agent/softwarecombine
• agent/tags
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• vendor/squirrelmail
• canonical/squirrelmail