Fwd: Re: Squirrel Mail 1.2.7 XSS Exploit

To: debian-security@lists.debian.org
Subject: Fwd: Re: Squirrel Mail 1.2.7 XSS Exploit
From: Albert Cervera Areny <albertca@jazzfree.com>
Date: Fri, 20 Sep 2002 15:47:41 +0200
Message-id: <[🔎] 200209201547.41963.albertca@jazzfree.com>

Debian testing and unstable use it too..

----------  Missatge transmès  ----------

Subject: Re: Squirrel Mail 1.2.7 XSS Exploit
Date: Thu, 19 Sep 2002 16:51:09 -0500 (CDT)
From: "Jason Munro" <jason@stdbev.com>
To: <bugtraq@securityfocus.com>

DarC KonQuesT said:
> ****Sorry if you receive two of these.****
>
> DarC KonQuesT XSS Release-
>
> Product: Squirrel Mail 1.2.7 - released June 21, 2002 (tested, others
> possibly vulnerable)
> Vendor: Squirrel Mail - Web: www.squirrelmail.org
> Problem: Cross Site Scripting
> Severity: Moderate
> Operating System(s): Tested against Red Hat 7.3, all others vulnerable
> if they are using this version of Squirrel.

Mr KonQuesT,
  All the listed exploits have been fixed in the recently released 1.2.8
version of SquirrelMail. These fixes have also been applied to the
current development and stable CVS, 1.3.2 and 1.2.9 respectively.


 \___ Jason Munro
  \___ AIM:jmunr0
   \__ jason@stdbev.com
    \__ http://www.sunflower.com/~jmunro/

-------------------------------------------------------

Reply to:

Prev by Date: Re: Probem with openssh and pam modules
Next by Date: Re: postfix in qmail out proftpd in pureftpd
Previous by thread: Re: postfix in qmail out proftpd in pureftpd
Next by thread: Re: Using PAM with SFS
Index(es):
- Date
- Thread