Roman Medina

**Name of the Vulnerable Software and Affected Versions** SquirrelMail versions prior to 1.4.3 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to insert arbitrary HTML and script via the content-type mail header. This can be achieved by exploiting the mime.php file. **Recommendations** For versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SquirrelMail versions prior to 1.4.3 RC1 **Description** The issue allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via the "abook database.php" endpoint. **Recommendations** For versions prior to 1.4.3 RC1, update to version 1.4.3 RC1 or later to resolve the issue.