Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: 200603-09 Low: SquirrelMail Cross-Site Scripting Risks

gentoo
Calendar Grey March 12, 2006
Dist Gentoo Esm H88
Gentoo alerts users regarding minor vulnerabilities found in SquirrelMail, such as potential cross-site scripting attacks and risks associated with IMAP command injection.
SquirrelMail is vulnerable to several cross-site scripting vulnerabilities and IMAP command injection.

Summary

Gentoo Linux Security Advisory GLSA 200603-09 https://security.gentoo.org/ Severity: Low Title: SquirrelMail: Cross-site scripting and IMAP command injection Date: March 12, 2006 Bugs: #123781 ID: 200603-09

Synopsis ======= SquirrelMail is vulnerable to several cross-site scripting vulnerabilities and IMAP command injection.
Background ========= SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-client/squirrelmail < 1.4.6 >= 1.4.6
========== SquirrelMail does not validate the right_frame parameter in webmail.php, possibly allowing frame replacement or cro...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo squirrelmail cross-site scripting low severity imap command injection

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
low
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory gentoo squirrelmail cross-site scripting low severity imap command injection

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here