Multiple XSS vulnerabilities exist:
- XSS with $_GET[domain] in templates/menu.php and
edit-vacation
- XSS in some create-domain input fields
- XSS in create-alias and edit-alias error message
- XSS (by values stored in the database) in fetchmail list
view, list-domain and list-virtual
Multiple SQL injection issues exist:
- SQL injection in pacrypt() (if $CONF[encrypt] ==
'mysql_encrypt')
- SQL injection in backup.php - the dump was not mysql_escape()d,
therefore users could inject SQL (for example in the vacation message)
which will be executed when restoring the database dump.
WARNING: database dumps created with backup.php from 2.3.4 or older
might contain malicious SQL. Double-check before using them!