CVE-2004-0639

Name of the Vulnerable Software and Affected Versions Squirrelmail versions 1.2.10 and earlier

Description The issue allows remote attackers to inject arbitrary HTML or script via several vectors, including the mailer variable in read body.php, the senderNames part variable in mailbox display.php, and possibly other vectors such as the event title variable or the event text variable.

Recommendations For Squirrelmail versions 1.2.10 and earlier, as a temporary workaround, consider restricting access to the read body.php and mailbox display.php scripts until a patch is available. Avoid using the mailer and senderNames part variables in these scripts until the issue is resolved. Additionally, restrict the use of the event title and event text variables if they are confirmed to be vulnerable.