Description
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
Remediation
References
Related Vulnerabilities
WordPress Plugin WishList Member X Remote Code Execution (3.25.1)
WordPress Plugin Content Grabber Multiple Vulnerabilities (1.0)
WordPress Plugin PICA Photo Gallery 'picaPhotosResize.php' Arbitrary File Upload (1.0)
Apache Tomcat Resource Management Errors Vulnerability (CVE-2011-4858)
Next.js Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2022-36046)