Ubuntu Security Notice USN-201-1 - Several Cross Site Scripting vulnerabilities were discovered in SqWebmail. A remote attacker could exploit this to execute arbitrary JavaScript or other active HTML embeddable content in the web browser of an SqWebmail user by sending specially crafted emails to him.
77f385a07aab0f26683455daa55f4dceae7dee8e270e80256706eace3763bca8
Debian Security Advisory DSA 793-1 - Jakob Balle discovered a vulnerability in the handling of attachments in sqwebmail, a web mail application provided by the courier mail suite, which can be exploited by an attacker to conduct script insertion attacks.
08d015d40c6f7837225c6fb1edfe3576be98f626ffb34864253e71e43092907f