SquirrelMail HTML E-mail Attachment Data URI XSS

2007-05-09T06:18:23
ID OSVDB:35887
Type osvdb
Reporter OSVDB
Modified 2007-05-09T06:18:23

Description

Solution Description

Upgrade to version 1.4.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 25787
Secunia Advisory ID: 25236
Secunia Advisory ID: 25690
Secunia Advisory ID: 26235
Secunia Advisory ID: 25320
Secunia Advisory ID: 25391
Secunia Advisory ID: 25200
Related OSVDB ID: 35889
Related OSVDB ID: 35888
RedHat RHSA: RHSA-2007:0358
Other Advisory URL: http://www.us.debian.org/security/2007/dsa-1290
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070502-01-P.asc
Other Advisory URL: http://www.novell.com/linux/security/advisories/2007_13_sr.html
Other Advisory URL: http://www.squirrelmail.org/security/issue/2007-05-09
Other Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-June/000199.html
Other Advisory URL: http://docs.info.apple.com/article.html?artnum=306172
FrSIRT Advisory: ADV-2007-1748
FrSIRT Advisory: ADV-2007-2732
CVE-2007-1262