An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
squirrelmail squirrelmail 1.2.8 |