CVE-2006-3174 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-3174
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3174

Description: Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26941 SAID Secunia Advisory: SA26235 OSVDB 26610 MISC http://pridels.blogspot.com/2006/06/squirrelmail-151-xss-vuln.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:147 CONFIRM http://docs.info.apple.com/article.html?artnum=306172 BID 18700 25159 APPLE http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Return to the previous page.