Oval Definition:	oval:org.mitre.oval:tst:31556
Comment: squirrelmail is earlier than 0:1.4.3a-12.EL4 Type: rpminfo_test Namespace: linux Check_Existence: at_least_one_exists Check: at least one State Operator: AND References Object: oval:org.mitre.oval:obj:14331 State: oval:org.mitre.oval:ste:9967 Referencing Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:9852 V Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message. 2013-04-29 oval:org.mitre.oval:def:10500 V options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files. 2013-04-29
BACK