SqWebMail 5.0.4 - HTML Email IMG Tag Script Injection
source: https://www.securityfocus.com/bid/14676/info
SqWebMail is affected by a vulnerability that may allow remote attackers to inject and execute arbitrary script code in a user's browser.
This may allow for various attacks including session hijacking due to the theft of user credentials.
SqWebMail 5.0.4 is reportedly vulnerable to this issue. It is possible that other versions are affected as well.
<img src="cid:>" onError="alert(document.domain);">