Alvin Alex

#40221 of 53,635
6.8 CVSS total
Vulnerabilities · 1
PT-2004-1631
6.8
2004-06-03
Squirrelmail · Squirrelmail · CVE-2004-0519
**Name of the Vulnerable Software and Affected Versions**

SquirrelMail version 1.4.2

**Description**

The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary script as other users, potentially leading to the theft of authentication information. The `mailbox` parameter in the `compose.php` file is one of the attack vectors.

**Recommendations**

For SquirrelMail version 1.4.2, consider disabling access to the `compose.php` file or restricting the use of the `mailbox` parameter until a fix is available. Avoid using the `mailbox` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.