VULHUB ™

SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. In some versions of SquirrelMail, it is possible to include malicious content in HTML formatted email. Insertion of JavaScript is possible. It is also possible to include relative references to other SquirrelMail scripts, possibly leading to malicious actions being undertaken as the authenticated user. It has been reported that it is possible to access the compose.php script in this manner, and send new email as the vulnerable user.

SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. In some versions of SquirrelMail, it is possible to include malicious content in HTML formatted email. Insertion of JavaScript is possible. It is also possible to include relative references to other SquirrelMail scripts, possibly leading to malicious actions being undertaken as the authenticated user. It has been reported that it is possible to access the compose.php script in this manner, and send new email as the vulnerable user.