Ivan Marković

Security consultant and researcher

Long experience in designing and implementing security solutions, mainly oriented toward web, mobile and embedded applications. Author of penetration testing tools recognized by the OWASP organization and the BackTrack Linux distribution. Research work includes the discovery of vulnerabilities in numerous applications and services, for which the author received public appreciation from Microsoft.

Contact via LinkedIn or read interesting stuff on Twitter.

SquirrelMail Malformed HTML Mail Message Script Insertion

From: http://www.squirrelmail.org/security/issue/2008-12-04

Cross site scripting in HTML filter

Date:
2008-12-04

Description:
A cross-site scripting (XSS) vulnerability was discovered, which allows injecting arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. This can be triggered when viewing a malicious email message in HTML mode.

Affected Versions:
1.4.0 - 1.4.16

Register Globals:
Register_globals does not have to be on for this issue.

CVE ID(s):
CVE-2008-2379

Patch:
view patch

Credits:
Thanks to Ivan Markovic and Secunia.

This page last updated:
2008-12-07 14:47:11

 

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2379
https://www.tenable.com/plugins/index.php?view=single&id=35353