High severity7.2NVD Advisory· Published Apr 2, 2025· Updated Apr 15, 2026

CVE-2025-30090

Description

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true.

Affected products

SquirrelMail/Squirrelmailinferred
Range: <=1.4.23-svn-20250401 || >=1.5,<=1.5.2-svn-20250401

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

squirrelmail.orgnvd
squirrelmail.org/security/issue.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.468
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000