SquirrelMail latest version (although is tested on version 1.4.2) is prone to many cross scripting attacks that can be used to steal user cookies.The Exploit lies in the way squirrel mail represents the folder names and shows them.To make the matters worse.No extra unique variable added to the url...
SquirrelMail latest version (although is tested on version 1.4.2) is prone to many cross scripting attacks that can be used to steal user cookies.The Exploit lies in the way squirrel mail represents the folder names and shows them.To make the matters worse.No extra unique variable added to the url...
[ more ]