paul Posted May 19, 2007

A number of HTML filtering bugs were found in SquirrelMail that could allow an attacker to inject arbitrary JavaScript leading to cross-site scripting attacks by sending an email viewed by a user within SquirrelMail (CVE-2007-1262). As well, SquirrelMail did not sufficiently check arguments to IMG tags in HTML messages that could be exploited by an attacker by sending arbitrary email messages on behalf of a SquirrelMail user tricked into opening a maliciously-crafted HTML email message (CVE-2007-2589). The packages provided have been updated to correct these vulnerabilities; Corporate Server 4 has been upgraded to SquirrelMail 1.4.10a and Corporate Server 3 has been patched to protect against these issues.