squirrelmail -- cross site scripting vulnerability

2004-11-03T00:00:00
ID 7FBFE159-3438-11D9-A9E7-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2004-11-03T00:00:00

Description

A SquirrelMail Security Notice reports:

There is a cross site scripting issue in the decoding of encoded text in certain headers. SquirrelMail correctly decodes the specially crafted header, but doesn't sanitize the decoded strings.