Warning message

This translation is outdated. For the most up-to-date information, please refer to the English version.

CVE-2006-6142

Impact:
Moderate
Public Date:
2006-12-02
Bugzilla:
218297: CVE-2006-6142 Three XSS issues in SquirrelMail

The MITRE CVE dictionary describes this issue as:

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

Find out more about CVE-2006-6142 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 3 (squirrelmail) RHSA-2007:0022 2007-01-31
Red Hat Enterprise Linux 4 (squirrelmail) RHSA-2007:0022 2007-01-31

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.