Oval Definition:	oval:org.mitre.oval:tst:33850
Comment: squirrelmail is earlier than 0:1.4.8-6.el3 Type: rpminfo_test Namespace: linux Check_Existence: at_least_one_exists Check: at least one State Operator: AND References Object: oval:org.mitre.oval:obj:14331 State: oval:org.mitre.oval:ste:9696 Referencing Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:11448 V Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. 2013-04-29 oval:org.mitre.oval:def:11712 V Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. 2013-04-29
BACK