Launchpad.net

CVE 2007-1262

Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.

Related bugs and status

CVE-2007-1262 (Candidate) is related to these bugs:

Bug #113725: Cross site scripting in HTML filter

		In	Importance	Status
113725	Cross site scripting in HTML filter	squirrelmail (Ubuntu)	High	Fix Released
113725	Cross site scripting in HTML filter	squirrelmail (Ubuntu Dapper)	High	Fix Released
113725	Cross site scripting in HTML filter	squirrelmail (Ubuntu Edgy)	High	Fix Released
113725	Cross site scripting in HTML filter	squirrelmail (Ubuntu Feisty)	High	Fix Released
113725	Cross site scripting in HTML filter	squirrelmail (Ubuntu Gutsy)	High	Fix Released

Bug #115149: Please backport for squirrelmail from gutsy to dapper, edgy, and feisty

		In	Importance	Status
115149	Please backport for squirrelmail from gutsy to dapper, edgy, and feisty	Dapper Backports	Wishlist	Fix Released
115149	Please backport for squirrelmail from gutsy to dapper, edgy, and feisty	Edgy Backports	Wishlist	Fix Released
115149	Please backport for squirrelmail from gutsy to dapper, edgy, and feisty	Feisty Backports	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.squirrelmai...
DEBIAN: DSA-1290
BID: 23910
SECTRACK: 1018033
SECUNIA: 25200
REDHAT: RHSA-2007:0358
SECUNIA: 25236
SECUNIA: 25320
CONFIRM: https://issues.rpath.c...
SECUNIA: 25690
SUSE: SUSE-SR:2007:013
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2007-07-31
BID: 25159
SECUNIA: 26235
MANDRIVA: MDKSA-2007:106
SECUNIA: 25787
VUPEN: ADV-2007-1748
VUPEN: ADV-2007-2732
JVN: JVN#09157962
JVNDB: JVNDB-2007-000398
OSVDB: 35887
OSVDB: 35888
OVAL: oval:org.mitre.oval:de...