Launchpad.net

CVE 2009-1578

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING).

Related bugs and status

CVE-2009-1578 (Candidate) is related to these bugs:

Bug #375513: Multiple CVEs for Squirrelmail <1.4.17

		In	Importance	Status
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu)	High	Fix Released
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu Dapper)	High	Won't Fix
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu Hardy)	High	Fix Released
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu Intrepid)	High	Fix Released
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu Jaunty)	High	Fix Released
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu Karmic)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-1578

Related bugs and status

Related bugs

References