CVE-2002-1276

An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:squirrelmail:squirrelmail:1.2.8:*:*:*:*:*:*:*

Information

Published : 2002-11-28 21:00

Updated : 2008-09-05 13:30


NVD link : CVE-2002-1276

Mitre link : CVE-2002-1276


JSON object : View

Advertisement

dedicated server usa

Products Affected

squirrelmail

  • squirrelmail