Luc Beurton

Name of the Vulnerable Software and Affected Versions: SquirrelMail versions prior to 1.4.18 Description: The issue allows remote attackers to spoof the user interface and conduct cross-site scripting (XSS) and phishing attacks via a crafted HTML e-mail message. This is due to the application's content not being protected from Cascading Style Sheets (CSS) positioning in HTML e-mail messages. Recommendations: For versions prior to 1.4.18, update to version 1.4.18 or later to resolve the issue. As a temporary workaround, consider restricting the use of HTML e-mail messages until the update is applied.