Description
Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.
Remediation
References
Related Vulnerabilities
Sqlite NULL Pointer Dereference Vulnerability (CVE-2019-19926)
PHP Resource Management Errors Vulnerability (CVE-2011-1657)
WordPress Plugin Simple Banner Cross-Site Scripting (2.10.3)
WordPress Plugin WP-UserOnline URL HTML Injection (2.62)
LimeSurvey Improper Certificate Validation Vulnerability (CVE-2019-16179)