New Search

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php the (2) session and (3) delete_draft parameters in (b) compose.php and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

oval:org.mitre.oval:def:9988

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php the (2) session and (3) delete_draft parameters in (b) compose.php and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • CentOS Linux 3
  • Oracle Linux 4
  • Red Hat Enterprise Linux 3
  • CentOS Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2006-6142
Product(s):