FreeBSD : squirrelmail -- Several XSS vulnerabilities (e879ca68-e01b-11d9-a8bd-000cf18bbe54)
Medium Nessus Plugin ID 19151
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionA SquirrelMail Security Advisory reports :
Several cross site scripting (XSS) vulnerabilities have been discovered in SquirrelMail versions 1.4.0 - 1.4.4.
The vulnerabilities are in two categories: the majority can be exploited through URL manipulation, and some by sending a specially crafted email to a victim. When done very carefully, this can cause the session of the user to be hijacked.
SolutionUpdate the affected packages.