SquirrelMail Multiple Cross-Site Scripting and IMAP Injection Vulnerabilities

SquirrelMail is susceptible to multiple cross-site scripting and IMAP-injection vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input.

An attacker may leverage any of the cross-site scripting issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

An attacker may leverage the IMAP-injection issue to execute arbitrary IMAP commands on the configured IMAP server. This may aid attackers in further attacks and allow them to exploit latent vulnerabilities in the IMAP server.
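
A mitigation for the IMAP-injection class described above, as an added example that is not code from SquirrelMail or from this advisory: every user-supplied value is validated and encoded as a single IMAP quoted string (RFC 3501) before it is placed in a command. The advisory does not name the affected parameter, so the mailbox argument, the function names `imap_encode_arg` and `imap_build_command`, and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not SquirrelMail functions.

/**
 * Encode one user-supplied value as a single IMAP quoted string.
 * An IMAP command ends at CRLF, so a value containing a line break would
 * start a second command; control and 8-bit bytes are refused outright.
 * Assumption: the caller has already converted mailbox names to
 * modified UTF-7, so legitimate values are printable ASCII.
 */
function imap_encode_arg(string $value): string
{
    if (preg_match('/[^\x20-\x7e]/', $value)) {
        throw new InvalidArgumentException('control or 8-bit byte in IMAP argument');
    }
    // Inside a quoted string only backslash and double quote need escaping.
    return '"' . strtr($value, ['\\' => '\\\\', '"' => '\\"']) . '"';
}

/**
 * Build one command line. Tag and verb come from the application, never
 * from the request; every user value goes through imap_encode_arg().
 */
function imap_build_command(string $tag, string $verb, array $userArgs): string
{
    if (!preg_match('/^[A-Za-z0-9]+$/D', $tag) || !preg_match('/^[A-Z]+$/D', $verb)) {
        throw new InvalidArgumentException('bad tag or verb');
    }
    $parts = array_merge([$tag, $verb], array_map('imap_encode_arg', $userArgs));
    return implode(' ', $parts) . "\r\n";
}

// Constructed inputs: a normal folder name, one containing the characters
// that need escaping, and one carrying a line break plus a second command.
$samples = ['INBOX.Sent', 'Quotes "and" \\ slash', "INBOX\r\nA002 NOOP"];
foreach ($samples as $mailbox) {
    try {
        // json_encode makes the trailing CRLF visible in the output.
        echo json_encode(imap_build_command('A001', 'SELECT', [$mailbox])), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The first two samples are emitted as one command line each; the third is rejected before anything reaches the IMAP server.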


Copyright 2010, SecurityFocus