SquirrelMail may not filter some instances of script code that will successfully render in Internet Explorer. Internet Explorer evaluates JavaScript expressions that are embedded in Cascading Style Sheets (CSS). This could allow hostile script code to execute in the context of a webmail user who receives a malicious e-mail. Webmail sessions could be compromised. Other attacks are also possible. The researcher who discovered this issue tested SquirrelMail 1.4, which was found to be vulnerable. The issue appears to be addressed as of SquirrelMail 1.4.2, though this has not been confirmed. It is also not known whether other web browser implementations exhibit similar behavior when confronted with JavaScript expressions in CSS.
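A defensive check for the condition described above, as an added example that is not SquirrelMail's own filter code: it scans an HTML message body for CSS that carries a script expression, canonicalizing the CSS first so that comments, CSS escapes and HTML entities do not hide the keyword. It assumes the Internet Explorer `expression(` syntax; the function names and the sample body are hypothetical and constructed for illustration.

```python
import re
from html.parser import HTMLParser

_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})\s?|\\(.)", re.S)
_EXPRESSION = re.compile(r"expression\s*\(", re.I)

def _decode(m):
    # Hex escapes such as \65 become the character; "\x" becomes "x".
    if m.group(1):
        cp = int(m.group(1), 16)
        return chr(cp) if 0 < cp <= 0x10FFFF else ""
    return m.group(2)

def has_css_expression(css):
    """True if the CSS, once canonicalized, contains an expression( call."""
    css = _ESCAPE.sub(_decode, _COMMENT.sub("", css)).replace("\x00", "")
    return bool(_EXPRESSION.search(css))

class _StyleScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
        for name, value in attrs:  # attribute values arrive entity-decoded
            if name == "style" and value and has_css_expression(value):
                self.findings.append((tag, "style attribute"))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style and has_css_expression(data):
            self.findings.append(("style", "style element"))

def scan_html(html_body):
    """Return (tag, location) pairs for every style carrying an expression."""
    scanner = _StyleScanner()
    scanner.feed(html_body)
    scanner.close()
    return scanner.findings

# Constructed sample message body, not taken from the advisory.
SAMPLE = '<p style="color: red">hi</p><div style="width: expr/**/ession(1+1)">x</div>'
if __name__ == "__main__":
    print(scan_html(SAMPLE))
```

A detector like this is suited to logging or quarantining mail; for rendering, dropping `style` attributes and `<style>` elements from untrusted HTML altogether is the more robust control.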