Bugtraq mailing list archives
Re: Squirrel Mail 1.2.7 XSS Exploit
From: "Jason Munro" <jason () stdbev com>
Date: Thu, 19 Sep 2002 16:51:09 -0500 (CDT)
DarC KonQuesT said:
****Sorry if you receive two of these.****

DarC KonQuesT XSS Release-

Product: Squirrel Mail 1.2.7 - released June 21, 2002 (tested, others possibly vulnerable)
Vendor: Squirrel Mail - Web: www.squirrelmail.org
Problem: Cross Site Scripting
Severity: Moderate
Operating System(s): Tested against Red Hat 7.3, all others vulnerable if they are using this version of Squirrel.

Mr KonQuesT,

All the listed exploits have been fixed in the recently released 1.2.8 version of SquirrelMail. These fixes have also been applied to the current development and stable CVS, 1.3.2 and 1.2.9 respectively.

\___ Jason Munro
\___ AIM:jmunr0
\__ jason () stdbev com
\__ http://www.sunflower.com/~jmunro/