CVE-2006-6142

Related Files

Debian Linux Security Advisory 1241-1

Posted Dec 28, 2006

Authored by Debian | Site debian.org

Debian Security Advisory 1241-1 - In Squirrelmail, Martijn Brinkers discovered cross site scripting vulnerabilities in the the mailto parameter of webmail.php, the session and delete_draft parameters of compose.php and through a shortcoming in the magicHTML filter. An attacker could abuse these to execute malicious JavaScript in the user's webmail session.

tags | advisory, php, javascript, vulnerability, xss

systems | linux, debian

advisories | CVE-2006-6142

SHA-256 | 3d4e4f9763c1933aa3c82f443c2430f8e41dbad4eee200ae89497e2ebf6d44bb

Download | Favorite | View

Mandriva Linux Security Advisory 2006.226

Posted Dec 12, 2006

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple cross site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the mailto parameter in webmail.php, the session and delete_draft parameters in compose.php, and unspecified vectors involving "a shortcoming in the magicHTML filter."

tags | advisory, remote, web, arbitrary, php, vulnerability, xss

systems | linux, mandriva

advisories | CVE-2006-6142

SHA-256 | f780fe058ce85352014c4edd201ec80a122360a88b9dab812c245504a3efbfc4

Download | Favorite | View