CVE-2004-0519

Name of the Vulnerable Software and Affected Versions SquirrelMail version 1.4.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary script as other users, potentially leading to the theft of authentication information. The mailbox parameter in the compose.php file is one of the attack vectors.

Recommendations For SquirrelMail version 1.4.2, consider disabling access to the compose.php file or restricting the use of the mailbox parameter until a fix is available. Avoid using the mailbox parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.