squirrelmail -- Several cross site scripting vulnerabilities

2005-06-15T00:00:00
ID E879CA68-E01B-11D9-A8BD-000CF18BBE54
Type freebsd
Reporter FreeBSD
Modified 2005-06-15T00:00:00

Description

A SquirrelMail Security Advisory reports:

Several cross site scripting (XSS) vulnerabilities have been discovered in SquirrelMail versions 1.4.0 - 1.4.4. The vulnerabilities are in two categories: the majority can be exploited through URL manipulation, and some by sending a specially crafted email to a victim. When done very carefully, this can cause the session of the user to be hijacked.