package: sqwebmail
severity: important
tags: security

Secunia Research has discovered a vulnerability in SqWebMail, which can be exploited by malicious people to conduct script insertion attacks.

The vulnerability is caused due to SqWebMail allowing usage of e.g. the "<script>" tag within an HTML comment. This, combined with "Conditional Comments" in Internet Explorer, can be exploited to execute arbitrary script code in a user's browser session in context of a vulnerable site when a malicious email is viewed.

Successful exploitation requires that the user is using Internet Explorer.

Example in an HTML email:

    <!--[if IE]>
    <script>alert("Vulnerable!");</script>
    <![endif]-->

See http://secunia.com/secunia_research/2005-44/advisory/ for more information.

-- 
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
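
One way a webmail HTML filter can close the gap described in the report, as an added example (not SqWebMail's code and not its actual fix): drop every HTML comment from the untrusted message before the tag filter runs, so content hidden in a conditional comment never reaches the browser. The function name `strip_html_comments` and the sample mail body are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy untrusted HTML from `in` to `out`, dropping every comment
 * ("<!--" up to the next "-->"), which also removes IE conditional
 * comments such as <!--[if IE]> ... <![endif]-->.
 * An unterminated comment discards the rest of the input (fail closed).
 * Returns the number of comments removed, or -1 if `out` is too small. */
int strip_html_comments(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    int removed = 0;

    if (outsz == 0)
        return -1;
    while (*in) {
        if (strncmp(in, "<!--", 4) == 0) {
            const char *end = strstr(in + 4, "-->");
            removed++;
            if (end == NULL)
                break;            /* no terminator: drop the remainder */
            in = end + 3;         /* resume after "-->" */
            continue;
        }
        if (o + 1 >= outsz)       /* keep room for the trailing NUL */
            return -1;
        out[o++] = *in++;
    }
    out[o] = '\0';
    return removed;
}

int main(void)
{
    /* Constructed sample mail body using the conditional comment
     * shown in the report. */
    const char *mail =
        "<p>Hello</p><!--[if IE]> <script>alert(\"Vulnerable!\");</script> "
        "<![endif]--><p>Bye</p>";
    char clean[256];
    int n = strip_html_comments(mail, clean, sizeof clean);

    printf("removed=%d\n%s\n", n, clean);
    return 0;
}
```

The stripper removes from "<!--" to the first following "-->", so it can discard more than a browser would treat as a comment but never less; the existing tag filter still has to run on the output.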