FW: Squirrel Mail 1.2.7 XSS Exploit

Christopher Wagner chrisw at pacaids.com
Thu Sep 19 17:28:06 PDT 2002


Update to my previous post..

- Christopher Wagner
chrisw at pacaids.com

Packaging Aids Corporation - Information Systems
P.O. Box 9144
San Rafael, CA 94912-9144
http://www.pacaids.com/
(415) 454-4868 x116
 

-----Original Message-----
From: Jason Munro [mailto:jason at stdbev.com]
Sent: Thursday, September 19, 2002 5:26 PM
To: bugtraq at securityfocus.com
Subject: Re: Squirrel Mail 1.2.7 XSS Exploit


DarC KonQuesT said:
> DarC KonQuesT XSS Release-
>
> Product: Squirrel Mail 1.2.7 - released June 21, 2002 (tested, others
> possibly vulnerable)
> Vendor: Squirrel Mail - Web: www.squirrelmail.org
> Problem: Cross Site Scripting
> Severity: Moderate
> Operating System(s): Tested against Red Hat 7.3, all others vulnerable
> if they are using this version of Squirrel.

Mr KonQuesT,
  All the listed exploits have been fixed in the recently released 1.2.8
version of SquirrelMail. These fixes have also been applied to the
current development and stable CVS, 1.3.2 and 1.2.9 respectively.


 \___ Jason Munro
  \___ AIM:jmunr0
   \__ jason at stdbev.com
    \__ http://www.sunflower.com/~jmunro/


