CVE-2002-2086

Name of the Vulnerable Software and Affected Versions: SquirrelMail versions prior to 1.2.6

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the magicHTML component of SquirrelMail. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved through two methods: (1) by inserting "<<script" in unspecified input fields, or (2) by using a javascript: URL in the src attribute of an IMG tag.

Recommendations: For versions prior to 1.2.6, update to version 1.2.6 or later to resolve the issue. As a temporary workaround, consider restricting user input in fields that may be used to inject malicious scripts, and avoid using javascript: URLs in the src attribute of IMG tags until the update is applied.