JVN#09157962: SquirrelMail vulnerable to cross-site scripting

SquirrelMail from SquirrelMail Project is an open source webmail (web-based email).
SquirrelMail contains an issue in handling specific character encoding and processing “data:” URL, which may result in cross-site scripting.

Impact

An arbitrary script may be executed on the user’s web browser.

Solution

Update the Software
Update to the latest version of SquirrelMail according to the information provided by the developer.

The issue was resolved in SquirrelMail 1.4.10.

Products Affected

• SquirrelMail 1.4.0 to 1.4.9a