CVE-2007-1262

Name of the Vulnerable Software and Affected Versions SquirrelMail versions 1.4.0 through 1.4.9a

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the HTML filter. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved via the data: URI in an HTML e-mail attachment or through various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.

Recommendations For SquirrelMail versions 1.4.0 through 1.4.9a, update to a version that includes a fix for the HTML filter vulnerabilities to prevent XSS attacks.