Launchpad CVE tracker

CVE 2006-6142

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

Related bugs and status

CVE-2006-6142 (Candidate) is related to these bugs:

Bug #78144: CVE-2006-6142 Cross site scripting in compose, draft & HTML mail viewing

		In	Importance	Status
78144	CVE-2006-6142 Cross site scripting in compose, draft & HTML mail viewing	squirrelmail (Ubuntu)	Undecided	Fix Released
78144	CVE-2006-6142 Cross site scripting in compose, draft & HTML mail viewing	squirrelmail (Ubuntu Breezy)	Undecided	Invalid
78144	CVE-2006-6142 Cross site scripting in compose, draft & HTML mail viewing	squirrelmail (Ubuntu Dapper)	Undecided	Fix Released
78144	CVE-2006-6142 Cross site scripting in compose, draft & HTML mail viewing	squirrelmail (Ubuntu Feisty)	Undecided	Fix Released
78144	CVE-2006-6142 Cross site scripting in compose, draft & HTML mail viewing	squirrelmail (Ubuntu Edgy)	Undecided	Fix Released

Bug #115149: Please backport for squirrelmail from gutsy to dapper, edgy, and feisty

		In	Importance	Status
115149	Please backport for squirrelmail from gutsy to dapper, edgy, and feisty	Dapper Backports	Wishlist	Fix Released
115149	Please backport for squirrelmail from gutsy to dapper, edgy, and feisty	Edgy Backports	Wishlist	Fix Released
115149	Please backport for squirrelmail from gutsy to dapper, edgy, and feisty	Feisty Backports	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2006-6142

References