Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Address_add_plugin | Squirrelmail | 1.9 (including) | 1.9 (including) |
| Address_add_plugin | Squirrelmail | 2.0 (including) | 2.0 (including) |
References
- http://docs.info.apple.com/article.html?artnum=306172
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
- http://marc.info/?l=bugtraq\u0026m=112801672520766\u0026w=2
- http://moritz-naumann.com/adv/0002/sqmadd/0002.txt
- http://secunia.com/advisories/16987/
- http://secunia.com/advisories/26235
- http://securitytracker.com/id?1014988
- http://squirrelmail.org/plugin_view.php?id=101
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:178
- http://www.securityfocus.com/bid/14973
- http://www.securityfocus.com/bid/25159
- http://www.vupen.com/english/advisories/2007/2732
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22453
- http://docs.info.apple.com/article.html?artnum=306172
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
- http://marc.info/?l=bugtraq\u0026m=112801672520766\u0026w=2
- http://moritz-naumann.com/adv/0002/sqmadd/0002.txt
- http://secunia.com/advisories/16987/
- http://secunia.com/advisories/26235
- http://securitytracker.com/id?1014988
- http://squirrelmail.org/plugin_view.php?id=101
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:178
- http://www.securityfocus.com/bid/14973
- http://www.securityfocus.com/bid/25159
- http://www.vupen.com/english/advisories/2007/2732
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22453