squirrelmail -- Cross site scripting in HTML filter

ID 0E575ED3-0764-11DC-A80B-0016179B2DD5
Type freebsd
Reporter FreeBSD
Modified 2007-05-09T00:00:00


The SquirrelMail developers report:

Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.