SqWebMail Email Header HTML Injection Vulnerability
The vendor has released version 4.0.5 dealing with this issue. Users of affected packages are urged to upgrade.
Debian has released an advisory (DSA 533-1) to address this issue. Please see the referenced advisory for more information.
Inter7 SqWebMail 4.0.4 .20040524