SqWebMail HTML Email IMG Tag Script Injection Vulnerability

SqWebMail is affected by a vulnerability that may allow remote attackers to inject and execute arbitrary script code in a user's browser.

This may allow for various attacks including session hijacking due to the theft of user credentials.

SqWebMail 5.0.4 is reportedly vulnerable to this issue. It is possible that other versions are affected as well.


 

Privacy Statement
Copyright 2010, SecurityFocus