Detections
Analytics
CVE-2006-6142
medium
Description
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9988
https://issues.rpath.com/browse/RPL-849
https://exchange.xforce.ibmcloud.com/vulnerabilities/30695
https://exchange.xforce.ibmcloud.com/vulnerabilities/30694
https://exchange.xforce.ibmcloud.com/vulnerabilities/30693
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2006/4828
http://www.securityfocus.com/bid/25159
http://www.securityfocus.com/bid/21414
http://www.redhat.com/support/errata/RHSA-2007-0022.html
http://www.novell.com/linux/security/advisories/2007_4_sr.html
http://www.novell.com/linux/security/advisories/2006_29_sr.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:226
http://www.debian.org/security/2006/dsa-1241
http://squirrelmail.org/security/issue/2006-12-02
http://sourceforge.net/project/shownotes.php?release_id=468482
http://securitytracker.com/id?1017327
http://secunia.com/advisories/26235
http://secunia.com/advisories/24284
http://secunia.com/advisories/24004
http://secunia.com/advisories/23811
http://secunia.com/advisories/23504
http://secunia.com/advisories/23409
http://secunia.com/advisories/23322
http://secunia.com/advisories/23195
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://fedoranews.org/cms/node/2439