Package: sqwebmail
Version: 0.47-4
Severity: important
Tags: security

sqwebmail is vulnerable to a cross-site scripting attack:

Input passed to the "redirect" parameter is not properly sanitised. This can be exploited to inject malicious characters into HTTP headers and may allow execution of arbitrary HTML and script code in a user's browser session in context of an affected site.

Details here: http://secunia.com/advisories/15119

This is supposed to be a working proof of concept, but I've not actually tested it:

sqwebmail?redirect=%0d%0a%0d%0a[INJECT SCRIPT]

-- 
see shy jo
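An added example, not part of the original report and not sqwebmail's own code: one way a CGI could refuse a "redirect" value that carries CR/LF once percent-decoded, before it is written into a Location header. The function name `redirect_header`, the buffer sizes and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode the raw query value, then refuse anything that could end
 * the header line. Hypothetical helper, not sqwebmail code.
 * Returns 0 and fills out with "Location: <value>\r\n", or -1 if rejected. */
int redirect_header(const char *raw, char *out, size_t outlen)
{
    char val[512];
    size_t n = 0;
    int len;

    if (raw == NULL || *raw == '\0') return -1;
    while (*raw) {
        int c = (unsigned char)*raw++;
        if (c == '%') {                       /* %0d -> 0x0d, %0a -> 0x0a */
            int hi = hexval((unsigned char)raw[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)raw[1]);
            if (lo < 0) return -1;            /* truncated or malformed escape */
            c = hi * 16 + lo;
            raw += 2;
        }
        /* CR, LF, NUL and other control bytes never belong in a header value */
        if (c < 0x20 || c == 0x7f) return -1;
        if (n + 1 >= sizeof val) return -1;   /* too long: reject, do not truncate */
        val[n++] = (char)c;
    }
    val[n] = '\0';
    len = snprintf(out, outlen, "Location: %s\r\n", val);
    return (len < 0 || (size_t)len >= outlen) ? -1 : 0;
}

int main(void)
{
    char h[600];
    /* Constructed inputs: one benign value, one shaped like the report's PoC. */
    printf("%d\n", redirect_header("http://mail.example.org/inbox", h, sizeof h));
    printf("%d\n", redirect_header("%0d%0a%0d%0aINJECTED", h, sizeof h));
    return 0;
}
```

The check runs on the decoded bytes, so both the encoded form from the report and a literal CR/LF are rejected rather than stripped.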