diff options
author | simon <simon@FreeBSD.org> | 2004-11-12 07:53:32 +0800 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2004-11-12 07:53:32 +0800 |
commit | 928affdc0a29dade72f128d1bb3da1893f73d68c (patch) | |
tree | 13b1e129ac953846d7580843b5e8d2af15133f7b /security | |
parent | e9814a3820cb4658cb1925432248acd343528941 (diff) | |
download | freebsd-ports-gnome-928affdc0a29dade72f128d1bb3da1893f73d68c.tar.gz freebsd-ports-gnome-928affdc0a29dade72f128d1bb3da1893f73d68c.tar.zst freebsd-ports-gnome-928affdc0a29dade72f128d1bb3da1893f73d68c.zip |
Document a XSS in squirrelmail.
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index bd49c1a379a7..9649c4c7b0d7 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,38 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="7fbfe159-3438-11d9-a9e7-0001020eed82"> + <topic>squirrelmail -- cross site scripting vulnerability</topic> + <affects> + <package> + <name>ja-squirrelmail</name> + <range><lt>1.4.3a_4,2</lt></range> + </package> + <package> + <name>squirrelmail</name> + <range><lt>1.4.3a_3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A SquirrelMail Security Notice reports:</p> + <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=110012133608004"> + <p>There is a cross site scripting issue in the decoding of + encoded text in certain headers. SquirrelMail correctly + decodes the specially crafted header, but doesn't sanitize + the decoded strings.</p> + </blockquote> + </body> + </description> + <references> + <mlist msgid="544475695.20041110000451@netdork.net">http://marc.theaimsgroup.com/?l=bugtraq&m=110012133608004</mlist> + </references> + <dates> + <discovery>2004-11-03</discovery> + <entry>2004-11-12</entry> + </dates> + </vuln> + <vuln vid="1f8dea68-3436-11d9-952f-000c6e8f12ef"> <topic>bnc -- buffer-overflow vulnerability</topic> <affects> |