CVE-2002-1276

2002-11-29T00:00:00
ID CVE-2002-1276
Type cve
Reporter NVD
Modified 2008-09-05T16:30:12

Description

An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.