Hotfix : Security: squirrelmail has cross site scripting vulnerability
Article ID: 2941, created on Oct 29, 2007, last review on Apr 18, 2012
Pro Control Panel Linux
Knowledge ID 2420
Product : Ensim Pro for Linux
Version : 4.1.0
Topic : Hotfix
Title Hotfix : Security: squirrelmail has cross site scripting vulnerability
Summary Addresses the issue "Security: squirrelmail has cross site scripting vulnerability (upgrade to 1.4.9a)"
Product : Ensim Pro for Linux Version : 4.1.0 (Fedora Core 1, Fedora Core 2, Red Hat Enterprise Linux 3ES, Red Hat Enterprise Linux 4ES) Date : 09-January-2007 Description :
Cross site scripting vulnerability via malicious input to the mailto parameter of webmail.php, the session and delete_draft parameters of compose.php. This has been addressed in 1.4.9a.
Cross site scripting vulnerability via a shortcoming in the magicHTML filter. This has been addressed in 1.4.9 and improved in 1.4.9a. Affected Versions:1.4.0 - 1.4.9 Register Globals: Register_globals does not have to be on for this issue.
This hotfix resolves the issue on Ensim Pro for Linux v4.1.0 for the following operating systems :
Fedora Core 1 (FC1)
Fedora Core 2 (FC2)