SquirrelMail read_body.php Cross Site Scripting Vulnerability

info
discussion
exploit
solution
references

SquirrelMail read_body.php Cross Site Scripting Vulnerability

A vulnerability has been discovered in SquirrelMail. The read_body.php script fails to adequately sanitize user-supplied parameters, making it prone to cross site scripting attacks. An attacker may be able to exploit this vulnerability to execute embedded script code in an HTML email that is read by a vulnerable client.