Squirrelmail XSS flaw

A cross site scripting bug was found in the way squirrelmail displays the "mailbox" parameter when passed to the search.php script. This issue is only an issue when register_globals is enabled, which is not suggested under any circumstances.

The original report is here:
http://pridels.blogspot.com/2006/06/squirrelmail-151-xss-vuln.html

The patch is here:
http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/src/search.php?r1=1.92.2.15&r2=1.92.2.16

This issue also affects FC4

Pushed in squirrelmail-1.4.7-2.fc4 squirrelmail-1.4.7-2.fc5