icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

SquirrelMail < 1.4.4-RC1 webmail.php XSS

Medium

Synopsis

The remote host is running SquirrelMail, a webmail system written in PHP.

Description

The remote host is running SquirrelMail, a webmail system written in PHP. Versions of SquirrelMail prior to 1.4.4-RC1 are vulnerable to a cross-site scripting (XSS) vulnerability. A remote attacker can exploit this flaw to run malicious code within a web browser.

Solution

Upgrade to version 1.4.4-RC1 or higher.