CVE-2002-1276

Medium

4.3/10

Summary

An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: PARTIAL
Availability Impact: NONE

References

Advisory Timeline

Published Nov 29, 2002

CVE-2002-1276

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS