SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

Security

Multiple cross site scripting issues

Date:
2009-05-08
Description:
Two issues were fixed that both allowed an attacker to run arbitrary script (XSS) on most any SquirrelMail page by getting the user to click on specially crafted SquirrelMail links.
Affected Versions:
<= 1.4.17
Register Globals:
Register_globals does not have to be on for this issue.
CVE ID(s):
CVE-2009-1578
Patch:
view patch
Credits:
Niels Teusink and Christian Balzer
This page last updated:
2009-05-08 00:00:00
© 1999-2010 by The SquirrelMail Project Team