MGASA-2021-0010

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0010.html

Import Source

https://advisories.mageia.org/MGASA-2021-0010.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0010

Upstream

CVE-2019-12970

Published

2021-01-08T15:34:55Z

Modified

2026-04-16T04:42:14.891428610Z

Summary

Updated squirrelmail packages fix security vulnerabilities

Details

XSS was discovered in SquirrelMail through 1.4.22. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element ().

An unsafe use of unserialize() in compose.php has also been fixed.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / squirrelmail

Package

Name: squirrelmail
Purl: pkg:rpm/mageia/squirrelmail?arch=source&distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.23-0.svn20201220_0200.1.mga7

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2021-0010.json"