Hello Mat�as, On Wednesday, December 04, 2002, Mat�as L�pez Bergero wrote...
> Is SquirrelMail v1.2.10 vulnerable to the recent discovered XSS bugs > in SquirrelMail v1.2.9??? I don't mean to be silly or anything, but I've really been thinking about this, but if you want to pass the XSS code at that point, then you'd be running the XSS code on yourself. You cannot copy/paste that link to sombody else as they won't login automatically, so from what I am seeing, you'd be running that XSS script on yourself. If you really want to do that, then go ahead. I guess we'll fix it though to please the person that decided they liked to XSS themselves. ;) If anybody can point out how they could apply the same code against somebody else, please email me :) -- Jonathan Angliss ([EMAIL PROTECTED]) ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id)95 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
