CVE-2009-1581 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2009-1581
Status Candidate
Description functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.
Severity Medium
CVSS score 4,3
CVSS vector (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Phase Assigned (21.08.2010)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1581
References BID : 34916
CONFIRM : http://squirrelmail.svn.sourceforge.net/viewvc/squ...
CONFIRM : http://squirrelmail.svn.sourceforge.net/viewvc/squ...
CONFIRM : http://squirrelmail.svn.sourceforge.net/viewvc/squ...
CONFIRM : http://www.squirrelmail.org/security/issue/2009-05-12
CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=500356
FEDORA : FEDORA-2009-4870
FEDORA : FEDORA-2009-4880
MANDRIVA : MDVSA-2009:110
SECUNIA : 35052
SECUNIA : 35073
VUPEN : ADV-2009-1296
XF : squirrelmail-css-xss(50463)
SecurityVulns: Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server