• info
• discussion
• exploit
• solution
• references

SquirrelMail Multiple Cross Site Scripting and Input Validation Vulnerabilities

Solution:
The vendor has released a fix to address this issue.

Please see the referenced advisories for more information.


SquirrelMail SquirrelMail 1.4.4

• Debian squirrelmail_1.4.4-10_all.deb
  http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelma il_1.4.4-10_all.deb

SquirrelMail SquirrelMail 1.4.6

• RedHat squirrelmail-1.4.8-3.fc5.noarch.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


• RedHat squirrelmail-1.4.8-3.fc5.src.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

SquirrelMail SquirrelMail 1.4.7

• SquirrelMail SquirrelMail Release 1.4.9a
  http://sourceforge.net/project/shownotes.php?release_id=468482

SquirrelMail SquirrelMail 1.4.8

• Mandriva /squirrelmail-ar-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ar-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-bg-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-bg-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-bn-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-bn-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ca-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ca-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-cs-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-cs-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-cy-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-cy-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-cyrus-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-cyrus-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-da-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-da-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-de-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-de-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-el-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-el-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-en-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-en-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-es-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-es-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-et-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-et-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-eu-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-eu-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-fa-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-fa-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-fi-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-fi-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-fo-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-fo-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-fr-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-fr-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-he-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-he-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-hr-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-hr-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-hu-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-hu-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-id-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-is-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-is-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-it-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-it-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ja-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ja-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ka-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ka-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ko-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ko-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-lt-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-lt-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ms-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ms-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-nb-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-nb-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-nl-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-nl-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-nn-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-nn-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-pl-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-pl-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-poutils-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-poutils-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-pt-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-pt-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ro-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ro-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ru-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ru-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-sk-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-sk-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-sl-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-sl-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-sr-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-sr-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-sv-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-sv-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-th-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-th-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-tl-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-tl-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-tr-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-tr-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ug-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-ug-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-uk-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-uk-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-vi-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-vi-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-zh_CN-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-zh_CN-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-zh_TW-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva squirrelmail-zh_TW-1.4.8-3.1.20060mlcs4.noarch.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download

Apple Mac OS X Server 10.3.9

• Apple SecUpdSrvr2007-007Pan.dmg For Mac OS X Server v10.3.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.10

• Apple SecUpd2007-007Ti.dmg For Mac OS X v10.4.10 (PowerPC)
  http://www.apple.com/support/downloads/


• Apple SecUpd2007-007Univ.dmg For Mac OS X v10.4.10 (Universal)
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.10

• Apple SecUpdSrvr2007-007Ti.dmg For Mac OS X Server v10.4.10 (PowerPC)
  http://www.apple.com/support/downloads/


• Apple SecUpdSrvr2007-007Universal.dmg For Mac OS X Server v10.4.10 (Universal)
  http://www.apple.com/support/downloads/