Security

Multiple XSS vulnerabilities

Date:

2011-07-11

Description:

It has been discovered that an attacker could use one of several small bugs in SquirrelMail to inject malicious script into various pages or alter the contents of user preferences. An attacker could re-write the value of certain drop-down selection lists to include arbitrary script or inject newlines into saved user preference values in order to add or alter other preference values. Also, the SquirrelSpell spellchecking plugin was not properly sanitizing the > character, which allowed anyone to type some script into the message body input, click to check spelling and have that script executed by the browser. Finally, the Index Order page would report certain input errors verbatim, even when they contain unauthorized content (including dangerous XSS script). We consider these vulnerabilities to be of moderate risk, since they require the ability of an attacker to alter the SquirrelMail interface/code in order to exploit (probably very difficult), but once achieved, these could expose sensitive user data.

Affected Versions:

<= 1.4.21

Register Globals:

Register_globals does not have to be on for this issue.

CVE ID(s):

CVE-2010-4555
CVE-2011-2752
CVE-2011-2753

Patch:

view patch

Credits:

Nicholas Carlini

This page last updated:

2011-07-12 00:00:00