Mandriva Linux Security Advisory MDKSA-2006-147 - A cross-site scripting (XSS) vulnerability exists in search.php in SquirrelMail versions 1.5.1 and below, when register_globals is enabled, allowing remote attackers to inject arbitrary HTML via the mailbox parameter.
e48f8621a446de70b7a28e43f2b627fd78b7ccb7e8c71e4002f2580436949c2b