Family: CGI abuses : XSS --> Category: infos
SquirrelMail XSS and Local Privilege Escalation Vulnerability Scan
Vulnerability Scan Summary
SquirrelMail XSS and Local escalation
Detailed Explanation for this Vulnerability Test
The remote host is running SquirrelMail, a web-based mail server.
There are several flaws in all versions less than 1.4.3 and development
versions 1.5.0 and 1.5.1 which allow for local root access and remote
Cross-Site-Scripting (XSS) attacks.
***** Nessus has acertaind the vulnerability exists on the target
***** simply by looking at the version number of Squirrelmail
***** installed there.
Solution : Upgrade to SquirrelMail 1.4.3 or greater.
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.