Description
program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2008-0345 Vulnerability (CVE-2008-0345)
MySQL CVE-2023-22066 Vulnerability (CVE-2023-22066)
WordPress Plugin GEO my WordPress Unspecified Vulnerability (2.6.1.1)
WordPress Plugin WP Ultimate Exporter SQL Injection (1.1)
Apache HTTP Server CVE-2012-0883 Vulnerability (CVE-2012-0883)