Back to search
CVE-2006-0195
Published: Feb 24, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
MDKSA-2006:049
vendor-advisory
x_refsource_MANDRIVA
RHSA-2006:0283
vendor-advisory
x_refsource_REDHAT
19176
third-party-advisory
x_refsource_SECUNIA
FEDORA-2006-133
vendor-advisory
x_refsource_FEDORA
SUSE-SR:2006:005
vendor-advisory
x_refsource_SUSE
20210
third-party-advisory
x_refsource_SECUNIA
ADV-2006-0689
vdb-entry
x_refsource_VUPEN
18985
third-party-advisory
x_refsource_SECUNIA
19205
third-party-advisory
x_refsource_SECUNIA
19960
third-party-advisory
x_refsource_SECUNIA
16756
vdb-entry
x_refsource_BID
19130
third-party-advisory
x_refsource_SECUNIA
squirrelmail-magichtml-xss(24848)
vdb-entry
x_refsource_XF
http://www.squirrelmail.org/security/issue/2006-02-10
x_refsource_CONFIRM
oval:org.mitre.oval:def:9548
vdb-entry
signature
x_refsource_OVAL
DSA-988
vendor-advisory
x_refsource_DEBIAN
19131
third-party-advisory
x_refsource_SECUNIA
GLSA-200603-09
vendor-advisory
x_refsource_GENTOO
1015662
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now