Mandriva Linux Security Advisory - A number of HTML filtering bugs were found in SquirrelMail that could allow an attacker to inject arbitrary JavaScript leading to cross-site scripting attacks by sending an email viewed by a user within SquirrelMail. As well, SquirrelMail did not sufficiently check arguments to IMG tags in HTML messages that could be exploited by an attacker by sending arbitrary email messages on behalf of a SquirrelMail user tricked into opening a maliciously-crafted HTML email message.
f2c75350c3a0b0e1036e3a6b8df93ac53a3624a18b3fe31ea42d6b949b44dbc3