Several cross site scripting (XSS) vulnerabilities have been
discovered in SquirrelMail versions 1.4.0 - 1.4.4.
The vulnerabilities are in two categories: the majority can be
exploited through URL manipulation, and some by sending a specially
crafted email to a victim. When done very carefully,
this can cause the session of the user to be hijacked.