NuytsTech Security

CVE-2002-1276

by ·

An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.

Date published : 2002-11-14

http://www.securityfocus.com/bid/7019

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471

Tags: