Bugtraq mailing list archives
Re: SquirrelMail Cross Scripting Attacks....
From: Jonathan Angliss <jon () squirrelmail org>
Date: Fri, 30 Apr 2004 15:22:47 -0500
Hello Alvin, On Thursday, April 29, 2004, Alvin Alex wrote...
SquirrelMail latest version (although is tested on version 1.4.2) is prone to many cross scripting attacks that can be used to steal user cookies.
[..]
Squirrel Mail Coders have been informed of this vulnerability but the vulnerability still exists in their latest version.
PLEASE in future notify us before posting bug reports so we can ensure a fix is in place... The 1.4.3 release which will be out shortly will fix this issue, along with a number of other XSS issues. While we had been notified of the issue, we were holding off on announcing the issue until a fix was in place. -- Jonathan Angliss (jon () squirrelmail org)
Current thread:
- SquirrelMail Cross Scripting Attacks.... Alvin Alex (Apr 30)
- Re: SquirrelMail Cross Scripting Attacks.... Jonathan Angliss (Apr 30)