Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo GLSA-200405-16 Moderate: SquirrelMail XSS And SQL Injection

gentoo
Calendar Grey May 21, 2004
Dist Gentoo Esm H88
SquirrelMail contains several XSS vulnerabilities along with a SQL injection flaw. Update to version 1.4.3_rc1 to maintain security integrity.
SquirrelMail is subject to several XSS and one SQL injection vulnerability.

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory                           GLSA 200405-16
                                            https://security.gentoo.org/

  Severity: Normal
     Title: Multiple XSS Vulnerabilities in SquirrelMail
      Date: May 21, 2004
      Bugs: #49675
        ID: 200405-16


Synopsis
=======
SquirrelMail is subject to several XSS and one SQL injection
vulnerability.

Background
=========
SquirrelMail is a webmail package written in PHP. It supports IMAP and
SMTP, and can optionally be installed with SQL support.

Affected packages
================
    -------------------------------------------------------------------
     Package                /   Vulnerable   /              Unaffected
    -------------------------------------------------------------------
  1  net-mail/squirrelmail       <= 1.4.2                 >= 1.4.3_rc1

==========
Several unspecified cross-site scripting (XSS) vulnerabilities and a
well hidden SQL injection vulnerability were fou...
Read the Full Advisory
Topics%20covered

Topics Covered

security advisory moderate Gentoo XSS SQL injection SquirrelMail webmail

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory moderate Gentoo XSS SQL injection SquirrelMail webmail

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here