Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2004-0519

Publish Date: 30 Apr 2004

                							

                source: http://www.securityfocus.com/bid/10246/info

It has been reported that SquirrelMail is affected by a cross-site scripting vulnerability in the handling of folder name displays. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content.

This issue may allow for theft of cookie-based authentication credentials. Other attacks are also possible.

http://www.example.com/mail/src/compose.php?mailbox="&gt;&amp;lt;script&amp;gt;window.alert(document.cookie)&amp;lt;/script&amp;gt;

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

SquirrelMail 1.4.x - Folder Name Cross-Site Scripting

Vulmon Search

About

Products

Connect