Back to search
CVE-2002-1276
Published: Nov 14, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-191
vendor-advisory
x_refsource_DEBIAN
7019
vdb-entry
x_refsource_BID
squirrelmail-striptags-phpself-xss(10634)
vdb-entry
x_refsource_XF
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471
x_refsource_CONFIRM
8220
third-party-advisory
x_refsource_SECUNIA
RHSA-2003:042
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now