Ivan Marković

Security consultant and researcher

Long experience in the design and implementation of security solutions, mainly oriented toward web, mobile and embedded applications. Author of penetration testing tools recognized by the OWASP organization and the BackTrack Linux distribution. Research work includes the discovery of vulnerabilities in numerous applications and services, for which the author received public appreciation from Microsoft.

Contact via LinkedIn or read interesting stuff on Twitter.

SquirrelMail Malformed HTML Mail Message Script Insertion

From: http://www.squirrelmail.org/security/issue/2008-12-04

Cross site scripting in HTML filter


A cross-site scripting (XSS) vulnerability was discovered that allows injection of arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. This can be triggered when viewing a malicious e-mail message in HTML mode.

Affected Versions:
1.4.0 - 1.4.16

Register Globals:
Register_globals does not have to be on for this issue.

CVE ID(s):
view patch

Thanks to Ivan Markovic and Secunia.

This page last updated:
2008-12-07 14:47:11