FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squirrelmail -- Cross site scripting in HTML filter

Affected packages
1.4.0 <= squirrelmail < 1.4.9a

Details

VuXML ID 0e575ed3-0764-11dc-a80b-0016179b2dd5
Discovery 2007-05-09
Entry 2007-05-21

The SquirrelMail developers report:

Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.

References

CVE Name CVE-2007-1262
URL http://www.squirrelmail.org/security/issue/2007-05-09