Leonel Nunez wrote: > http://www.squirrelmail.org/security/issue/2005-06-15 > > there's a xss bug > or Sarge is not vulnerable ? It is, please see #314374.