AI Score
Confidence
High
EPSS
Percentile
48.1%
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471
secunia.com/advisories/8220
www.debian.org/security/2002/dsa-191
www.iss.net/security_center/static/10634.php
www.redhat.com/support/errata/RHSA-2003-042.html
www.securityfocus.com/bid/7019