Red Hat Bugzilla – Bug 239831
CVE-2007-2589 CSRF through HTML message in squirrelmail
Last modified: 2007-11-30 17:07:44 EST
Tracking bug for this issue affecting 5.1; see "blocks" bug for details.
+++ This bug was initially created as a clone of Bug #239828 +++
<img src="compose.php?..."> was allowed in HTML e-mail mesages.
See URL for whole upstream advisory.
The fix for this issue is the same as for CVE-2007-1262, bug #239647.