NOTE: This was discovered on a server running SquirrelMail 1.4.4, however after a quick review of the current build's source (1.4.16), I believe the vulnerability is still present.
SquirrelMail suffers a XSS (cross site scripting) vulnerability in the "startMessage" parameter of the compose.php script.
By supplying this GET parameter with a malicious string, scripts can be written to the resulting page.
http://www.example.com/\[path]/src/compose.php?mailbox=INBOX&startMessage=%22%3E%3Cscript%3Ealert%28%27XSS by MrDoug%27%29%3C/script%3E
(Please note that in most cases you must be logged in for this to be successfully exploited.)