Martijn Brinkers

**Name of the Vulnerable Software and Affected Versions** SquirrelMail versions 1.4.0 through 1.4.9 **Description** The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via several parameters, including the `mailto` parameter in "webmail.php", the `session` and `delete draft` parameters in "compose.php", and other unspecified vectors related to a shortcoming in the magicHTML filter. **Recommendations** For SquirrelMail versions 1.4.0 through 1.4.9, consider disabling the magicHTML filter as a temporary workaround until a patch is available. Restrict access to the "webmail.php" and "compose.php" scripts to minimize the risk of exploitation. Avoid using the `mailto`, `session`, and `delete draft` parameters in the affected scripts until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SquirrelMail versions 1.4.0 through 1.4.5 **Description** The issue allows remote attackers to inject arbitrary web pages into the right frame via a URL in the `right frame` parameter. This has been referred to as a cross-site scripting (XSS) issue, but it is distinct from what is normally identified as XSS. **Recommendations** For SquirrelMail versions 1.4.0 through 1.4.5, consider restricting access to the `right frame` parameter to prevent arbitrary web page injection until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SquirrelMail versions 1.4.0 through 1.4.5 **Description** The issue is related to an interpretation conflict in the MagicHTML filter, allowing remote attackers to conduct cross-site scripting (XSS) attacks. This can be achieved via style sheet specifiers with invalid comments, such as "/*" and "*/", or a newline in a "url" specifier. Certain web browsers, including Internet Explorer, process these specifiers in a way that enables the attack. **Recommendations** For SquirrelMail versions 1.4.0 through 1.4.5, update to a version that fixes the MagicHTML filter interpretation conflict to prevent cross-site scripting attacks.

**Name of the Vulnerable Software and Affected Versions** SquirrelMail versions 1.4.0 through 1.4.4 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the URL or an e-mail message. **Recommendations** For SquirrelMail versions 1.4.0 through 1.4.4, update to a version that contains a fix for this issue.