[Suspected Spam]XSS in Squirrelmail plugin 'Virtual Keyboard' <= 0.9.1
Oct 05 2010 08:55PM
Moritz Naumann (security moritz-naumann com)
Squirrelmail plugin 'Virtual Keyboard' version 0.9.1 and lower is
vulnerable to cross-site scripting (XSS).
The vkeyboard.php script fails to sanitize the value of the HTTP GET
parameter 'passformname', which the script stores in a variable of the
same name and outputs (unmodified) into an HTML docu...
Copyright 2010, SecurityFocus