[openwebmail] Fw: Re: XSS bug.

2004-06-05T00:00:00
ID SECURITYVULNS:DOC:6296
Type securityvulns
Reporter Securityvulns
Modified 2004-06-05T00:00:00

Description

Hello all,

Its a forward message from openwebmail bugtraq system with the problem and the solution ;-)

---------- Forwarded Message ----------- From: "openwebmail" <openwebmail@turtle.ee.ncku.edu.tw> To: "aramosf" <aramosf@unsec.net> Sent: Thu, 3 Jun 2004 20:30:07 +0800 Subject: Re: XSS bug.

On Wed, 2 Jun 2004 18:15:06 +0200, aramosf wrote > Hello, > > I tried to exploit openwebmail 2.32 (latest stable) with the same > adv of SquireMail from RomanSoft, http://www.rs-labs.com/adv/RS-Labs- > Advisory-2004-1.txt, and the openwebmail is vulnerable too. > > -- > A. Ramos <aka dab> > http://www.unsec.net

Hi,

Thanks for the bug report, it has been fixed in the latest openwebmail-current.tgz.

Regards.

tung

Distributed System Laboratory (http://dslab.ee.ncku.edu.tw) Department of Electrical Engineering National Cheng Kung University, Tainan, Taiwan, R.O.C. ------- End of Forwarded Message -------

-- A. Ramos <aka dab> http://www.unsec.net