2 matches found
CVE-2002-1276
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks...
CVE-2002-1276
CVE-2002-1276 concerns SquirrelMail XSS due to an incomplete fix in version 1.2.8 where strip_tags is applied to PHP_SELF but not saved back, leaving room for injection. OpenVAS notes the read_body.php path (SquirrelMail 1.2.9/1.2.10) as vulnerable to multiple parameter XSS. Debian security advis...