tags 375782 unreproducible upstream
thanks

Hello Alec,

On Tue, 2006-06-27 at 21:29 -0400, Alec Berryman wrote:
> CVE-2006-3174: "Cross-site scripting (XSS) vulnerability in search.php
> in SquirrelMail 1.5.1 and earlier, when register_globals is enabled,
> allows remote attackers to inject arbitrary HTML via the mailbox
> parameter."

I've taken a look, and can't reproduce the issue at all. I'm also not
sure how it should work and how it relates to the register_globals that
was mentioned. The report excels in vagueness.

I've forwarded the issue upstream for some others to look at, maybe
someone else can figure out how to reproduce it or whether it's bogus.


thanks,
Thijs
