SquirrelMail / Bugs / #622 Cross-site scripting vulnerability.

#622 Cross-site scripting vulnerability.

Status: closed-fixed

Owner: Konstantin Riabitsev

Labels: None

Priority: 9

Updated: 2002-04-16

Created: 2002-04-16

Creator: Konstantin Riabitsev

Private: No

If the html message contains a <<script sequence, it
will get past the html filters and be executed by the
browser, leading to possible session hijacking and
other nastiness.

Discussion

Konstantin Riabitsev - 2002-04-16

Logged In: YES
user_id=147248

Fix is in place. MagicHTML should be redone, period.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Konstantin Riabitsev - 2002-04-16

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Cross-site scripting vulnerability.

Group

Searches

Help

#622 Cross-site scripting vulnerability.

Discussion