BID:52387

SquirrelMail Autocomplete Plugin Email Addresses Cross Site Scripting Vulnerability

Info

SquirrelMail Autocomplete Plugin Email Addresses Cross Site Scripting Vulnerability

Bugtraq ID:	52387
Class:	Input Validation Error
CVE:	CVE-2012-0323
Remote:	Yes
Local:	No
Published:	Mar 09 2012 12:00AM
Updated:	Mar 09 2012 12:00AM
Credit:	Masaki Konishi of M&K
Vulnerable:	SquirrelMail Autocomplete 2.1 SquirrelMail Autocomplete 2.0 SquirrelMail Autocomplete 0

Not Vulnerable:	SquirrelMail Autocomplete 3.0

Solution / Fix

SquirrelMail Autocomplete Plugin Email Addresses Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references for details.

References

SquirrelMail Autocomplete Plugin Email Addresses Cross Site Scripting Vulnerability

References:

JVN#56653852 SquirrelMail plugin Autocomplete vulnerable to cross-site scripting (JVN)
SquirrelMail Homepage (SquirrelMail)