CVE-2002-1276
Summary
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
- MEDIUM
- NETWORK
- NONE
- NONE
- PARTIAL
- NONE
References
Advisory Timeline
- Published