Multiple cross site scripting issues
- Two issues were fixed that both allowed an attacker to run arbitrary script (XSS) on most any SquirrelMail page by getting the user to click on specially crafted SquirrelMail links.
- Affected Versions:
- <= 1.4.17
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- view patch
- Niels Teusink and Christian Balzer
- This page last updated:
- 2009-05-08 00:00:00