MitreCVELIST:CVE-2006-6142CVE-2006-6142
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving “a shortcoming in the magicHTML filter.”
References
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
docs.info.apple.com/article.html?artnum=306172
fedoranews.org/cms/node/2438
fedoranews.org/cms/node/2439
lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
secunia.com/advisories/23195
secunia.com/advisories/23322
secunia.com/advisories/23409
secunia.com/advisories/23504
secunia.com/advisories/23811
secunia.com/advisories/24004
secunia.com/advisories/24284
secunia.com/advisories/26235
securitytracker.com/id?1017327
sourceforge.net/project/shownotes.php?release_id=468482
squirrelmail.org/security/issue/2006-12-02
www.debian.org/security/2006/dsa-1241
www.mandriva.com/security/advisories?name=MDKSA-2006:226
www.novell.com/linux/security/advisories/2006_29_sr.html
www.novell.com/linux/security/advisories/2007_4_sr.html
www.redhat.com/support/errata/RHSA-2007-0022.html
www.securityfocus.com/bid/21414
www.securityfocus.com/bid/25159
www.vupen.com/english/advisories/2006/4828
www.vupen.com/english/advisories/2007/2732
exchange.xforce.ibmcloud.com/vulnerabilities/30693
exchange.xforce.ibmcloud.com/vulnerabilities/30694
exchange.xforce.ibmcloud.com/vulnerabilities/30695
issues.rpath.com/browse/RPL-849
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988
Related
