Test ID:	1.3.6.1.4.1.25623.1.0.14217
Category:	Web application abuses
Title:	SquirrelMail From Email header HTML injection vulnerability
Summary:	The target is running at least one instance of SquirrelMail whose; version number is between 1.2.0 and 1.2.10 inclusive.
Description:	Summary: The target is running at least one instance of SquirrelMail whose version number is between 1.2.0 and 1.2.10 inclusive. Vulnerability Insight: Such versions do not properly sanitize From headers, leaving users vulnerable to XSS attacks. Further, since SquirrelMail displays From headers when listing a folder, attacks does not require a user to actually open a message, only view the folder listing. For example, a remote attacker could effectively launch a DoS against a user by sending a message with a From header such as: From:John Doe<> which rewrites the session ID cookie and effectively logs the user out. Solution: Upgrade to SquirrelMail 1.2.11 or later or wrap the call to sqimap_find_displayable_name in printMessageInfo in functions/mailbox_display.php with a call to htmlentities. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0639 BugTraq ID: 10450 http://www.securityfocus.com/bid/10450 Bugtraq: 20040530 RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108611554415078&w=2 Conectiva Linux advisory: CLA-2004:858 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 Debian Security Information: DSA-535 (Google Search) http://www.debian.org/security/2004/dsa-535 http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt XForce ISS Database: squirrelmail-from-header-xss(16285) https://exchange.xforce.ibmcloud.com/vulnerabilities/16285
Copyright	Copyright (C) 2004 David Maciejak

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.