Launchpad.net

CVE 2006-0188

webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.

Related bugs and status

CVE-2006-0188 (Candidate) is related to these bugs:

Bug #115149: Please backport for squirrelmail from gutsy to dapper, edgy, and feisty

		In	Importance	Status
115149	Please backport for squirrelmail from gutsy to dapper, edgy, and feisty	Dapper Backports	Wishlist	Fix Released
115149	Please backport for squirrelmail from gutsy to dapper, edgy, and feisty	Edgy Backports	Wishlist	Fix Released
115149	Please backport for squirrelmail from gutsy to dapper, edgy, and feisty	Feisty Backports	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.squirrelmai...
BID: 16756
SECTRACK: 1015662
SECUNIA: 18985
DEBIAN: DSA-988
FEDORA: FEDORA-2006-133
SUSE: SUSE-SR:2006:005
SECUNIA: 19131
SECUNIA: 19130
SECUNIA: 19176
GENTOO: GLSA-200603-09
SECUNIA: 19205
REDHAT: RHSA-2006:0283
SECUNIA: 19960
SGI: 20060501-01-U
SECUNIA: 20210
MANDRIVA: MDKSA-2006:049
VUPEN: ADV-2006-0689
XF: squirrelmail-webmail-x...
OVAL: oval:org.mitre.oval:de...