Published: 2006/04/21 Last Updated: 2007/05/21
JVN#83263796
SquirrelMail cross-site scripting vulnerability
Overview
SquirrelMail is a web-based email program provided by the SquirrelMail Project. SquirrelMail contains a cross-site scripting vulnerability as it does not adequately handle HTML email.
Products Affected
- SquirrelMail 1.4.0 - 1.4.6 Release Candidate
Description
Impact
A malicious script may be executed in the user's web browser.
Solution
Vendor Status
Vendor | Link |
SquirrelMail Project | Security - Possible XSS in MagicHTML (IE only) |
References
JPCERT/CC Addendum
Credit
Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under the Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2006-0195 |
JVN iPedia | JVNDB-2006-000251 |