Oval Definition:	oval:org.mitre.oval:def:9988
Revision Date: 2013-04-29 Version: 11 Title: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter." Description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter." Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2006-6142 Platform(s): CentOS Linux 3 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Product(s): Definition Synopsis OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 OR CentOS Linux 3.x AND squirrelmail is earlier than 0:1.4.8-4.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 OR CentOS Linux 4.x OR Oracle Linux 4.x AND squirrelmail is earlier than 0:1.4.8-4.el4
BACK