#1 2004-06-05 07:09:30

Forum Fellow
From: Ottawa, ON, Canada
Registered: 2004-03-30
Posts: 246

SquirrelMail "Content-Type" XSS vulnerability

An advisory went out on May 30th and can be found here: .

I discovered a new XSS vuln in SquirrelMail which is quite dangerous since it could be exploited simply by sending a specially crafted mail to the victim. The victim only has to read the email in order to trigger the exploit. This bug is present in latest versions (as well as older ones).

Upgrade to 1.4.3 or latest 1.5.1 CVS from after May 24th.


#2 2004-06-07 13:14:27

Forum Fellow
From: New Hampshire - USA
Registered: 2003-09-18
Posts: 250

Re: SquirrelMail "Content-Type" XSS vulnerability

I've just put a 1.5.1cvs in the 'testing' repo. Make sure to back up your existing squirrelmail dirs/files before trying it out. If I don't hear of any problems within a week, I'll pull it out of testing and move it to extra.


