Re: Squirrelmail CVE duplicates
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 25 Jul 2011 13:29:04 +0200
thank you for checking this.
On 07/24/2011 06:17 PM, Moritz Muehlenhoff wrote:
there seems to be a duplicate CVE assignment for Squirrelmail?
CVE-2010-4555 / CVE-2011-2753
If I got it right, the CVE-2010-4555 ID has been assigned to the XSS
Multiple cross-site scripting (XSS) flaws were found in the SquirrelMail
* XSS flaws in generic options inputs,
* XSS flaw in the SquirrelSpell plug-in,
* XSS flaw in the Index Order page.
while the CVE-2011-2753 ID has been assigned to the CSRF protection add-ons:
Also protection against Cross-site Request Forgery (CSRF) flaws has
been added to the empty trash feature and to the Index Order page.
Hope this helps && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team