10 matches found
SUSE CVE-2006-0195
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting XSS attacks via style sheet specifiers with invalid 1 "/" and "/" comments, or 2 a newline in a "url" specifier, which is processed by certain web browsers...
SUSE CVE-2006-6142
Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the 1 mailto parameter in a webmail.php, the 2 session and 3 deletedraft parameters in b compose.php, and 4 unspecified vectors involving "a...
Three XSS issues in SquirrelMail
Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the 1 mailto parameter in a webmail.php, the 2 session and 3 deletedraft parameters in b compose.php, and 4 unspecified vectors involving "a...
Debian DSA-1241-1 : squirrelmail - XSS
Martijn Brinkers discovered cross-site scripting vulnerabilities in the mailto parameter of webmail.php, the session and deletedraft parameters of compose.php and through a shortcoming in the magicHTML filter. An attacker could abuse these to execute malicious JavaScript in the user's webmail...
CVE-2006-6142
Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the 1 mailto parameter in a webmail.php, the 2 session and 3 deletedraft parameters in b compose.php, and 4 unspecified vectors involving "a...
security flaw
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting XSS attacks via style sheet specifiers with invalid 1 "/" and "/" comments, or 2 a newline in a "url" specifier, which is processed by certain web browsers...
SquirrelMail: Cross-site scripting and IMAP command injection
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description SquirrelMail does not validate the rightframe parameter in webmail.php, possibly allowing frame replacement or cross-site scripting CVE-2006-0188. Martijn Brinkers and Scott Hughes...
CVE-2006-0195
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting XSS attacks via style sheet specifiers with invalid 1 "/" and "/" comments, or 2 a newline in a "url" specifier, which is processed by certain web browsers...
Cross site scripting
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting XSS attacks via style sheet specifiers with invalid 1 "/" and "/" comments, or 2 a newline in a "url" specifier, which is processed by certain web browsers...
CVE-2006-0195
CVE-2006-0195 affects SquirrelMail 1.4.0–1.4.5 and is caused by an interpretation conflict in the MagicHTML filter, enabling remote XSS via style sheet specifiers with invalid /* */ comments or a newline in the url specifier. Public advisories and OpenVAS entries reference related fixes; Debian/C...