CVE-2025-30090

Name of the Vulnerable Software and Affected Versions SquirrelMail versions 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401

Description The issue allows for cross-site scripting (XSS) via e-mail headers because JavaScript payloads are mishandled after the $encoded variable has been set to true. This is due to improper neutralization of input during web page generation.

Recommendations For SquirrelMail versions 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401, consider disabling the mime.php file or restricting its use until a patch is available to prevent exploitation of the XSS vulnerability.