New Search

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments or (2) a newline in a "url" specifier which is processed by certain web browsers including Internet Explorer.

oval:org.mitre.oval:def:9548

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments or (2) a newline in a "url" specifier which is processed by certain web browsers including Internet Explorer.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Oracle Linux 4
  • CentOS Linux 4
  • CentOS Linux 3
  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2006-0195
Product(s):