Oval Definition:	oval:org.mitre.oval:tst:38111
Comment: squirrelmail is earlier than 0:1.4.8-8.el3 Type: rpminfo_test Namespace: linux Check_Existence: at_least_one_exists Check: at least one State Operator: AND References Object: oval:org.mitre.oval:obj:14331 State: oval:org.mitre.oval:ste:10894 Referencing Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:9764 V Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. 2013-04-29 oval:org.mitre.oval:def:10548 V Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. 2013-04-29
BACK