Description
XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2.
Due to improper handling of RCDATA and RAWTEXT type elements, the built-in
sanitization mechanism can be bypassed. Malicious script content from HTML
e-mail can be executed within the application context via crafted use of
(for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element.
Ubuntu-Description
An XSS vulnerability was discovered in SquirrelMail. An attacker could use
malicious script content from HTML e-mail to execute code and/or provoke a
denial of service.
Package
Upstream: released (2:1.4.23~svn20120406-2+deb8u4)
Ubuntu 18.04 LTS: DNE
Ubuntu 20.04 LTS: DNE
Ubuntu 14.04 ESM: DNE
Patches:
Updated: 2022-04-13 13:39:24 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)