TUCoPS :: Windows Net Apps

TUCoPS :: Windows Net Apps :: V7-1061.HTM
SqWebMail Conditional Comments Script Insertion

Secunia Research: SqWebMail Conditional Comments Script Insertion Secunia Research: SqWebMail Conditional Comments Script Insertion


====================================================================== 

                     Secunia Research 06/09/2005

  - SqWebMail Conditional Comments Script Insertion Vulnerability -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

====================================================================== 
1) Affected Software 

SqWebMail 5.0.4

Prior versions may also be affected.

====================================================================== 
2) Severity 

Rating: Moderately Critical
Impact: Script Insertion
Where:  From Remote

====================================================================== 
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in SqWebMail, which
can be exploited by malicious people to conduct script insertion
attacks.

The vulnerability is caused due to SqWebMail allowing usage of e.g.
the "