Ubuntu Security Notice USN-201-1 - Several Cross Site Scripting vulnerabilities were discovered in SqWebmail. A remote attacker could exploit this to execute arbitrary JavaScript or other active HTML embeddable content in the web browser of an SqWebmail user by sending specially crafted emails to him.
77f385a07aab0f26683455daa55f4dceae7dee8e270e80256706eace3763bca8
Debian Security Advisory DSA 820-1 - Jakob Balle discovered that with Conditional Comments in Internet Explorer it is possible to hide javascript code in comments that will be executed when the browser views a malicious email via sqwebmail. Successful exploitation requires that the user is using Internet Explorer.
d39e1b10d15a759ca8220ce2607902c1ac4d3eea7d83cd7421c8f083820eb551