SquirrelMail Folder Name Cross-Site Scripting Vulnerability

Bugtraq ID:	10246
Class:	Input Validation Error
CVE:	CAN-2004-0519
Remote:	Yes
Local:	No
Published:	Apr 30 2004 12:00AM
Updated:	Apr 30 2004 12:00AM
Credit:	Disclosure of this issue is credited to Alvin Alex <alvin_gboy@hotmail.com>.
Vulnerable:	SquirrelMail SquirrelMail 1.4.2 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + MandrakeSoft Corporate Server 3.0 + MandrakeSoft Corporate Server 3.0 + RedHat Fedora Core2 + RedHat Fedora Core2 + RedHat Fedora Core2 SquirrelMail SquirrelMail 1.4.1 SquirrelMail SquirrelMail 1.4 SquirrelMail SquirrelMail 1.2.11 SquirrelMail SquirrelMail 1.2.10 SquirrelMail SquirrelMail 1.2.9 SquirrelMail SquirrelMail 1.2.8 + Terra Soft Solutions Yellow Dog Linux 3.0 SquirrelMail SquirrelMail 1.2.7 + RedHat Linux 8.0 SquirrelMail SquirrelMail 1.2.6 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 alpha + Debian Linux 3.0 + Debian Linux 3.0 SquirrelMail SquirrelMail 1.2.5 SquirrelMail SquirrelMail 1.2.4 SquirrelMail SquirrelMail 1.2.3 SquirrelMail SquirrelMail 1.2.2 SquirrelMail SquirrelMail 1.2.1 SquirrelMail SquirrelMail 1.2 .0 SquirrelMail SquirrelMail 1.0.5 SquirrelMail SquirrelMail 1.0.4 SGI ProPack 3.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 9.0 x86_64 S.u.S.E. Linux Professional 9.0 RedHat Linux 9.0 i386

Not Vulnerable:	SquirrelMail SquirrelMail 1.4.8