The MITRE CVE dictionary describes this issue as:
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
Red Hat security errata
|Red Hat Enterprise Linux version 3 (squirrelmail)||RHSA-2006:0283||May 03, 2006|
|Red Hat Enterprise Linux version 4 (squirrelmail)||RHSA-2006:0283||May 03, 2006|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.