CVE-2011-2023

Priority
Low
Description
Cross-site scripting (XSS) vulnerability in functions/mime.php in
SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web
script or HTML via a crafted STYLE element in an e-mail message.
References
Package
Upstream:released (1.4.22)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (2:1.4.22-1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (2:1.4.22-1)
Ubuntu 13.04 (Raring Ringtail):not-affected (2:1.4.22-1)
Ubuntu 13.10 (Saucy Salamander):not-affected (2:1.4.22-1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (2:1.4.22-1)
Patches:
Upstream:http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?view=patch&r1=14133&r2=14120&pathrev=14133
More Information

Valid XHTML 1.0 Strict

Updated: 2013-12-20 21:16:36 UTC (commit 7585)