CVE - CVE-2007-1262

CVE-ID
CVE-2007-1262	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://www.squirrelmail.org/security/issue/2007-05-09 CONFIRM:https://issues.rpath.com/browse/RPL-1353 CONFIRM:http://docs.info.apple.com/article.html?artnum=306172 APPLE:APPLE-SA-2007-07-31 URL:http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html DEBIAN:DSA-1290 URL:http://www.debian.org/security/2007/dsa-1290 MANDRIVA:MDKSA-2007:106 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:106 REDHAT:RHSA-2007:0358 URL:https://rhn.redhat.com/errata/RHSA-2007-0358.html SUSE:SUSE-SR:2007:013 URL:http://www.novell.com/linux/security/advisories/2007_13_sr.html JVN:JVN#09157962 URL:http://jvn.jp/en/jp/JVN09157962/index.html JVNDB:JVNDB-2007-000398 URL:http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000398.html BID:23910 URL:http://www.securityfocus.com/bid/23910 BID:25159 URL:http://www.securityfocus.com/bid/25159 OSVDB:35887 URL:http://osvdb.org/35887 OSVDB:35888 URL:http://osvdb.org/35888 OVAL:oval:org.mitre.oval:def:11712 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11712 VUPEN:ADV-2007-1748 URL:http://www.vupen.com/english/advisories/2007/1748 VUPEN:ADV-2007-2732 URL:http://www.vupen.com/english/advisories/2007/2732 SECTRACK:1018033 URL:http://www.securitytracker.com/id?1018033 SECUNIA:25200 URL:http://secunia.com/advisories/25200 SECUNIA:25236 URL:http://secunia.com/advisories/25236 SECUNIA:25320 URL:http://secunia.com/advisories/25320 SECUNIA:25690 URL:http://secunia.com/advisories/25690 SECUNIA:26235 URL:http://secunia.com/advisories/26235 SECUNIA:25787 URL:http://secunia.com/advisories/25787
Assigning CNA
N/A
Date Entry Created
20070303	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070303)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org