Support / Security / Advisories / Corporate Server 3.0 / MDKSA-2005:178

Package name: squirrelmail
Date: 2005-10-11
Advisory ID: MDKSA-2005:178
Affected versions: CS3.0 i586 , CS3.0 x86_64

Problem description

A cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag. The updated packages have an updated Address Add plugin to correct this problem.

Updated packages

CS3.0 i586

 2341c318bfbd7734dc8b79034069885b  corporate/3.0/RPMS/squirrelmail-1.4.2-11.2.C30mdk.noarch.rpm
944a7c659d7dd2ceef0c4eef2876628e  corporate/3.0/RPMS/squirrelmail-poutils-1.4.2-11.2.C30mdk.noarch.rpm
edf57fba5bb134453ba7dbe8d18339f5  corporate/3.0/SRPMS/squirrelmail-1.4.2-11.2.C30mdk.src.rpm

CS3.0 x86_64

 ef69fe51a0b58e202cbcec5e9cfcee83  x86_64/corporate/3.0/RPMS/squirrelmail-1.4.2-11.2.C30mdk.noarch.rpm
54244c96e2f1a1c27f074fbe6ed4ea85  x86_64/corporate/3.0/RPMS/squirrelmail-poutils-1.4.2-11.2.C30mdk.noarch.rpm
edf57fba5bb134453ba7dbe8d18339f5  x86_64/corporate/3.0/SRPMS/squirrelmail-1.4.2-11.2.C30mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3128