CVE-2006-6142 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

Reference

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://docs.info.apple.com/article.html?artnum=306172
http://fedoranews.org/cms/node/2438
http://fedoranews.org/cms/node/2439
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/23195
http://secunia.com/advisories/23322
http://secunia.com/advisories/23409
http://secunia.com/advisories/23504
http://secunia.com/advisories/23811
http://secunia.com/advisories/24004
http://secunia.com/advisories/24284
http://secunia.com/advisories/26235
http://securitytracker.com/id?1017327
http://sourceforge.net/project/shownotes.php?release_id=468482
http://squirrelmail.org/security/issue/2006-12-02
http://www.debian.org/security/2006/dsa-1241
http://www.mandriva.com/security/advisories?name=MDKSA-2006:226
http://www.novell.com/linux/security/advisories/2006_29_sr.html
http://www.novell.com/linux/security/advisories/2007_4_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0022.html
http://www.securityfocus.com/bid/21414
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2006/4828
http://www.vupen.com/english/advisories/2007/2732
https://exchange.xforce.ibmcloud.com/vulnerabilities/30693
https://exchange.xforce.ibmcloud.com/vulnerabilities/30694
https://exchange.xforce.ibmcloud.com/vulnerabilities/30695
https://issues.rpath.com/browse/RPL-849
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9988
