Oval Definition:	oval:org.mitre.oval:tst:37956
Comment: squirrelmail is earlier than 0:1.4.8-5.el4_7.2 Type: rpminfo_test Namespace: linux Check_Existence: at_least_one_exists Check: at least one State Operator: AND References Object: oval:org.mitre.oval:obj:14331 State: oval:org.mitre.oval:ste:11138 Referencing Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:9764 V Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. 2013-04-29 oval:org.mitre.oval:def:10548 V Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. 2013-04-29
BACK