CVE-2010-4555
Priority
Low
Description
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21
and earlier allow remote attackers to inject arbitrary web script or HTML
via vectors involving (1) drop-down selection lists, (2) the > (greater
than) character in the SquirrelSpell spellchecking plugin, and (3) errors
associated with the Index Order (aka options_order) page.
and earlier allow remote attackers to inject arbitrary web script or HTML
via vectors involving (1) drop-down selection lists, (2) the > (greater
than) character in the SquirrelSpell spellchecking plugin, and (3) errors
associated with the Index Order (aka options_order) page.
References
Package
| Upstream: | released (1.4.22) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | needed |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected (2:1.4.22-1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (2:1.4.22-1) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (2:1.4.22-1) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (2:1.4.22-1) |
Patches:
| Upstream: | http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119 |