SquirrelMail read_body.php跨站脚本漏洞

漏洞信息详情

SquirrelMail read_body.php跨站脚本漏洞

• CNNVD编号：CNNVD-200212-034
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2002-1341
  
• 漏洞类型：
  
  
  跨站脚本
  
• 发布时间：
  
  2002-12-18
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  squirrelmail
• 漏洞来源：
  .’);”>The discovery of t…

用于SquirrelMail 1.2.10，1.2.9及其早期版本的read_body.php存在跨站脚本（XSS）漏洞。远程攻击者可以借助（1）mailbox和（2）passed_id参数插入脚本和HTML。

Gentoo Linux has released an advisory. Users who have installed net-mail/squirrelmail-1.2.9 and earlier are advised to update their systems by issuing the following commands:
emerge rsync
emerge squirrelmail
emerge clean
SquirrelMail SquirrelMail 1.2.6

• Debian squirrelmail_1.2.6-1.3_all.deb
  
  http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelma
  il_1.2.6-1.3_all.deb

SquirrelMail SquirrelMail 1.2.7

• RedHat squirrelmail-1.2.10-1.noarch.rpm
  ftp://updates.redhat.com/8.0/en/os/noarch/squirrelmail-1.2.10-1.noarch
  .rpm

SquirrelMail SquirrelMail 1.2.8

• RedHat squirrelmail-1.2.10-1.noarch.rpm
  ftp://updates.redhat.com/8.0/en/os/noarch/squirrelmail-1.2.10-1.noarch
  .rpm

来源: BID
名称: 6302
链接:http://www.securityfocus.com/bid/6302

来源: REDHAT
名称: RHSA-2003:042
链接:http://www.redhat.com/support/errata/RHSA-2003-042.html

来源: DEBIAN
名称: DSA-220
链接:http://www.debian.org/security/2002/dsa-220

来源: BUGTRAQ
名称: 20021203 SquirrelMail v1.2.9 XSS bugs
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103893844126484&w=2

来源: f0kp.iplus.ru
链接:http://f0kp.iplus.ru/bz/008.txt

来源: XF
名称: squirrelmail-readbody-xss(10754)
链接:http://xforce.iss.net/xforce/xfdb/10754

来源: SECUNIA
名称: 8220
链接:http://secunia.com/advisories/8220

来源: BUGTRAQ
名称: 20021215 GLSA: squirrelmail
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104004924002662&w=2

来源: BUGTRAQ
名称: 20021203 Re: SquirrelMail v1.2.9 XSS bugs
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103911130503272&w=2