Red Hat Bugzilla – Bug 197369
CVE-2006-3174 Squirrelmail XSS flaw
Last modified: 2007-11-30 17:11:36 EST
Squirrelmail XSS flaw
A cross-site scripting bug was found in the way SquirrelMail displays
the "mailbox" parameter when passed to the search.php script.
This issue is only an issue when register_globals is enabled, which is
not suggested under any circumstances.
The original report is here:
The patch is here:
This issue also affects FC4.
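
Added example, not part of the original bug report or of SquirrelMail's code: a log check that flags requests to search.php whose "mailbox" query parameter decodes to HTML markup characters, which is the input shape this flaw reflects back into the page. The log format, the /webmail/src/ path, the sample lines and all function names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jun/2006:10:01:02 -0400] "GET /webmail/src/search.php?mailbox=INBOX&what=hello HTTP/1.1" 200 5120',
    '192.0.2.44 - - [15/Jun/2006:10:03:17 -0400] "GET /webmail/src/search.php?mailbox=%22%3E%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 4877',
    '192.0.2.44 - - [15/Jun/2006:10:03:40 -0400] "GET /webmail/src/search.php?mailbox=%2522%253E%253Cb%253E HTTP/1.1" 200 4877',
    '192.0.2.12 - - [15/Jun/2006:10:05:09 -0400] "GET /webmail/src/compose.php?mailbox=%3Cb%3E HTTP/1.1" 200 900',
    '192.0.2.13 - - [15/Jun/2006:10:06:00 -0400] "GET /webmail/src/search.php?mailbox=INBOX.Sent%20Items HTTP/1.1" 200 5001',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_CHARS = set('<>"')  # characters that can break out of HTML text or attributes

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are seen in the clear."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_mailbox_values(line):
    """Return decoded 'mailbox' values containing markup, for search.php requests only."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith('/search.php'):
        return []  # the report concerns search.php; other scripts are out of scope here
    values = parse_qs(url.query, keep_blank_values=True).get('mailbox', [])
    decoded = [fully_decode(v) for v in values]
    return [v for v in decoded if MARKUP_CHARS & set(v)]

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    return [(n, v) for n, line in enumerate(lines, 1)
            for v in suspicious_mailbox_values(line)]

# Limitation: only the query string is visible in an access log. With
# register_globals enabled the variable can also arrive in a POST body or a
# cookie, which this check does not see.
if __name__ == '__main__':
    for n, v in scan(SAMPLE_LOG):
        print(f'line {n}: mailbox={v!r}')
```

A hit means markup was sent in the parameter, not that it was rendered: whether the value is reflected depends on register_globals being enabled on the host.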