
=====================================================================

                                CERT-Renater

                      Information Note No. 2012/VULN113
_____________________________________________________________________

DATE                : 12/03/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running SquirrelMail versions prior to 3.0.

======================================================================
http://www.squirrelmail.org/security/issue/2012-03-09
_______________________________________________________________________

Security
Cross-site scripting vulnerability in the Autocomplete plugin

Date:
    2012-03-09

Description:
    A malicious user that can convince any other user to add some
    specially-formatted contact details into the victim's address book
    would have the ability to run script code in the victim's browser,
    potentially exposing the victim's account or account data to the
    attacker.

Affected Versions:
    < 3.0

Register Globals:
    Register_globals does not have to be on for this issue.

CVE ID(s):
    CVE-2012-0323

Patch:
    n/a

Credits:
    Masaki Konishi & JPCERT/CC


This page last updated:
    2012-03-09 00:00:00
======================================================================

=========================================================
CERT-Renater reference servers
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================
