An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
| CVE ID | Name | Status | References |
|---|---|---|---|
| CVE-2002-1276 | An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks. |
Modified (20071113) | BID:7019 | URL:http://www.securityfocus.com/bid/7019 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471 | DEBIAN:DSA-191 | URL:http://www.debian.org/security/2002/dsa-191 | REDHAT:RHSA-2003:042 | URL:http://www.redhat.com/support/errata/RHSA-2003-042.html | SECUNIA:8220 | URL:http://secunia.com/advisories/8220 | XF:squirrelmail-striptags-phpself-xss(10634) | URL:http://www.iss.net/security_center/static/10634.php |
Page created: