Intrusion Prevention

SquirrelMail.Email.Header.HTML.Injection

Description

It indicates an attacker attempted to exploit an HTML injection vulnerability in SquirrelMail. SquirrelMail is vulnerable to an email header HTML injection exploit because the application does not sufficiently sanitize user supplied input. This could allow an attacker access to a users authentication cookies and personnel emails.

Affected Products

SquirrelMail SquirrelMail 1.5 and earlier versions

Impact

Information Leakage

Recommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

CVE References

CVE-2004-0520