Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A614
http://www.redhat.com/support/errata/RHSA-2003-112.html
http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988