FreeBSD Ports: Roundcube Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/33622/ http://sourceforge.net/forum/forum.php?forum_id=927958 http://trac.roundcube.net/changeset/2245 http://trac.roundcube.net/ticket/1485689 http://www.vuxml.org/freebsd/35c0b572-125a-11de-a964-0030843d3802.html

Insight

The following package is affected: roundcube CVE-2009-0413 Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.

Severity

Classification

CVE CVE-2009-0413
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

FreeBSD Ports: awstats
FreeBSD Ports: clamav
FreeBSD Ports: bugzilla
FreeBSD Ports: asterisk16
FreeBSD Ports: bugzilla

FreeBSD Ports: roundcube

Take action and discover your vulnerabilities