Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
MITRE description: An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.