[Full-Disclosure] RS-2004-2: "Content-Type" XSS vulnerability affecting other webmail systems

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =============================== - RS-Labs Security Advisory - =============================== Tittle: "Content-Type" XSS vulnerability affecting other webmail systems ID: RS-2004-2 Severity: Medium / High - Arbitrary tags injection in victim's browser...

"Content-Type" XSS vulnerability affecting other webmail systems

Roman Medina-Heigl Hernandez did a survey which other webmail systems where vulnerable to a bug he discovered in SquirrelMail. This advisory summarizes the results...