Debian Security Advisory DSA 756-1 - Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. Martijn Brinkers discovered cross-site scripting vulnerabilities that allow remote attackers to inject arbitrary web script or HTML in the URL and e-mail messages. James Bercegay of GulfTech Security discovered a vulnerability in the variable handling which could lead to attackers altering other people's preferences and possibly reading them, writing files at any location writable for www-data and cross site scripting.
8e9b29ee1e197edecaa299232f7f26e785385bcf125820709090eaa3dc12b9c8
Gentoo Linux Security Advisory GLSA 200506-19 - SquirrelMail is vulnerable to several cross-site scripting issues, most reported by Martijn Brinkers. Versions less than 1.4.4 are affected.
cf94f3daef360bfa86ae1e8d24375d9c925f3f746b85e7e7efa2e0820a10ac0d