Описание
ELSA-2007-0358: Moderate: squirrelmail security update (MODERATE)
[1.4.8-4.0.1.el4.0.1]
- remove banners
[1.4.8-4.0.1]
- resolves: #239650: CVE-2007-1262 squirrelmail cross-site scripting flaw
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
squirrelmail
1.4.8-4.0.1.el5.0.1
Oracle Linux i386
squirrelmail
1.4.8-4.0.1.el5.0.1
Связанные CVE
Связанные уязвимости
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.
Cross-site request forgery (CSRF) vulnerability in compose.php in Squi ...
Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.