CVE-2006-6142 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-6142
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-6142

Description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/30695 http://xforce.iss.net/xforce/xfdb/30693 http://xforce.iss.net/xforce/xfdb/30694 SUSE http://www.novell.com/linux/security/advisories/2006_29_sr.html http://www.novell.com/linux/security/advisories/2007_4_sr.html ST 1017327 SGI SAID Secunia Advisory: SA23195 Secunia Advisory: SA23322 Secunia Advisory: SA23409 Secunia Advisory: SA23504 Secunia Advisory: SA23811 Secunia Advisory: SA24004 Secunia Advisory: SA24284 Secunia Advisory: SA26235 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0022.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:226 FEDORA http://fedoranews.org/cms/node/2439 http://fedoranews.org/cms/node/2438 DEBIAN http://www.debian.org/security/2006/dsa-1241 CONFIRM http://docs.info.apple.com/article.html?artnum=306172 http://squirrelmail.org/security/issue/2006-12-02 http://sourceforge.net/project/shownotes.php?release_id=468482 BID 25159 21414 APPLE http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Return to the previous page.