CVE-2006-0188 - Secunia.com

CVE Reference: CVE-2006-0188
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0188

Description: webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/24847 SUSE http://www.novell.com/linux/security/advisories/2006_05_sr.html ST 1015662 SGI SAID Secunia Advisory: SA18985 Secunia Advisory: SA19131 Secunia Advisory: SA19130 Secunia Advisory: SA19176 Secunia Advisory: SA19205 Secunia Advisory: SA19960 Secunia Advisory: SA20210 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0283.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10419 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:049 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml FEDORA http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html DEBIAN http://www.debian.org/security/2006/dsa-988 CONFIRM http://www.squirrelmail.org/security/issue/2006-02-01 BID 16756

Return to the previous page.

Secunia