Launchpad CVE tracker

CVE 2006-3174

Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.

Related bugs and status

CVE-2006-3174 (Candidate) is related to these bugs:

Bug #328938: CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL

		In	Importance	Status
328938	CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL	squirrelmail (Ubuntu)	Undecided	Fix Released
328938	CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL	squirrelmail (Ubuntu Hardy)	Undecided	Fix Released
328938	CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL	squirrelmail (Ubuntu Gutsy)	Undecided	Fix Released
328938	CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL	squirrelmail (Ubuntu Dapper)	Undecided	Fix Released

Bug #348839: [dapper] security vulnerabilities with register_globals enabled: CVE-2006-3665 CVE-2006-3174

Summary				In	Importance	Status
	348839	[dapper] security vulnerabilities with register_globals enabled: CVE-2006-3665 CVE-2006-3174		squirrelmail (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2006-3174

References