FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squirrelmail -- Several cross site scripting vulnerabilities

Affected packages
1.4.0 <= ja-squirrelmail <= 1.4.4
1.4.0 <= squirrelmail <= 1.4.4


VuXML ID e879ca68-e01b-11d9-a8bd-000cf18bbe54
Discovery 2005-06-15
Entry 2005-06-18

A SquirrelMail Security Advisory reports:

Several cross site scripting (XSS) vulnerabilities have been discovered in SquirrelMail versions 1.4.0 - 1.4.4.

The vulnerabilities are in two categories: the majority can be exploited through URL manipulation, and some by sending a specially crafted email to a victim. When done very carefully, this can cause the session of the user to be hijacked.


CVE Name CVE-2005-1769