Synopsis :

The remote SuSE system is missing the security patch squirrelmail-3629

Description :

This update of squirrelmail fixes two cross-site-scripting
vulnerabilities that can be used by an attacker to read
opened emails (CVE-2007-1262) and to send email on behalf
of the user (CVE-2007-2589).

Solution :

Install the squirrelmail-3629 security patch by using 'yast', for example.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)