CVE-2009-1578
CVE-2009-1578
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING).
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://download.gna.org/nasmail/nasmail-1.7.ziphttp://lists.apple.com/archives/security-announce/2010//Jun/msg00001.htmlhttp://osvdb.org/60468https://bugzilla.redhat.com/show_bug.cgi?id=500363http://secunia.com/advisories/35052http://secunia.com/advisories/35073http://secunia.com/advisories/35140http://secunia.com/advisories/35259http://secunia.com/advisories/37415http://secunia.com/advisories/40220https://exchange.xforce.ibmcloud.com/vulnerabilities/50459https://exchange.xforce.ibmcloud.com/vulnerabilities/50460