CVE 2008-2379
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.
Related bugs and status
CVE-2008-2379 (Candidate) is related to these bugs:
Bug #306536: CVE-2008-2379 insufficient input sanitising
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 306536 | CVE-2008-2379 insufficient input sanitising | squirrelmail (Ubuntu) | Medium | Fix Released | ||
| 306536 | CVE-2008-2379 insufficient input sanitising | squirrelmail (Ubuntu Dapper) | Medium | Fix Released | ||
| 306536 | CVE-2008-2379 insufficient input sanitising | squirrelmail (Ubuntu Gutsy) | Medium | Fix Released | ||
| 306536 | CVE-2008-2379 insufficient input sanitising | squirrelmail (Ubuntu Hardy) | Medium | Fix Released | ||
| 306536 | CVE-2008-2379 insufficient input sanitising | squirrelmail (Ubuntu Jaunty) | Medium | Fix Released | ||
| 306536 | CVE-2008-2379 insufficient input sanitising | squirrelmail (Ubuntu Intrepid) | Medium | Fix Released | ||
Bug #328938: CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 328938 | CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL | squirrelmail (Ubuntu) | Undecided | Fix Released | ||
| 328938 | CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL | squirrelmail (Ubuntu Hardy) | Undecided | Fix Released | ||
| 328938 | CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL | squirrelmail (Ubuntu Gutsy) | Undecided | Fix Released | ||
| 328938 | CVE-2008-3663 Cookies for SSL connection could be sent over non-SSL | squirrelmail (Ubuntu Dapper) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
