>> We have found that the following lines of code from SquirrelMail are >> vulnerable to script injection. We have listed them below. If you'd >> like more detailed information, please feel welcome to e-mail me. >> More importantly, if you intend to patch this vulnerability in the >> future, please also reply and let me know. Thanks a lot! > > Thank you for your report on this issue. We shall look into the issue, > and any fixes shall be applied to the CVS code which will be included > in the next release. If patches are required, please contact us and > notify us.
This has been fixed now in devel and stable cvs. When preparing the calendar plugin replacement, it should be checked that this replacement is also not vulnerable to this hole. Thijs ------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
