Definition


New Search

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php the (2) session and (3) delete_draft parameters in (b) compose.php and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

oval:org.mitre.oval:def:9988

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php the (2) session and (3) delete_draft parameters in (b) compose.php and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 4
  • CentOS Linux 3
  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 3
  • Oracle Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2006-6142
Product(s):