FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squirrelmail -- Cross site scripting vulnerability

Affected packages
squirrelmail < 1.4.17

Details

VuXML ID d1ce8a4f-c235-11dd-8cbc-00163e000016
Discovery 2008-12-03
Entry 2008-12-04

Squirrelmail team reports:

An issue was fixed that allowed an attacker to send specially- crafted hyperlinks in a message that could execute cross-site scripting (XSS) when the user viewed the message in SquirrelMail.

References

CVE Name CVE-2008-2379
URL http://secunia.com/Advisories/32143/
URL http://sourceforge.net/project/shownotes.php?release_id=644750&group_id=311