Multiple security vulnerabilties exist in SquirrelMail < v 1.2.3 that
allow malicious HTML messages to:
* send messages appearing to come from the user
* run arbitrary javascript
Description
-----------
The compose.php script allows parameters to be passed as GETs. Therefore
including the following in an HTML mail will send a message to x@y.com:
<img
src="compose.php?send_to=x@y.com&subject=foo&bar=bar&send=1">
The read_body.php script does not check HTML tags for javascript. A
trivial example:
<img src="javascript:alert('Oh dear')">
Resolution
----------
Upgrade to version 1.2.3 of SquirrelMail
Acknowledgements
----------------
Thanks to for Philippe Mingo for fixing this bug
