SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while cookie theft is frequently associated with XSS, the vendor disclosure is too vague to be certain of this.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Squirrelmail | Squirrelmail | 1.4.6 | 1.4.6 |