1.4.12

DATE	CVE	VULNERABILITY TITLE	RISK
2009-05-14	CVE-2009-1578	Cross-Site Scripting vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) certain encrypted strings in e-mail headers, related to contrib/decrypt_headers.php; (2) PHP_SELF; and (3) the query string (aka QUERY_STRING). network squirrelmail CWE-79	4.3
2008-12-05	CVE-2008-2379	Cross-Site Scripting vulnerability in Squirrelmail Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. network squirrelmail CWE-79	4.3
2007-12-14	CVE-2007-6348	Code Injection vulnerability in Squirrelmail 1.4.11/1.4.12 SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code. network squirrelmail CWE-94	6.8