SquirrelMail HTML E-mail Attachment Data URI XSS

ID OSVDB:35887
Type osvdb
Reporter OSVDB
Modified 2007-05-09T06:18:23


Solution Description

Upgrade to version 1.4.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


Vendor Specific Advisory URL
Secunia Advisory ID: 25787
Secunia Advisory ID: 25236
Secunia Advisory ID: 25690
Secunia Advisory ID: 26235
Secunia Advisory ID: 25320
Secunia Advisory ID: 25391
Secunia Advisory ID: 25200
Related OSVDB ID: 35889
Related OSVDB ID: 35888
RedHat RHSA: RHSA-2007:0358
Other Advisory URL: http://www.us.debian.org/security/2007/dsa-1290
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070502-01-P.asc
Other Advisory URL: http://www.novell.com/linux/security/advisories/2007_13_sr.html
Other Advisory URL: http://www.squirrelmail.org/security/issue/2007-05-09
Other Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-June/000199.html
Other Advisory URL: http://docs.info.apple.com/article.html?artnum=306172
FrSIRT Advisory: ADV-2007-1748
FrSIRT Advisory: ADV-2007-2732
CVE-2007-1262