Description
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
Remediation
References
Related Vulnerabilities
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-3378)
WordPress Plugin TablePress Unspecified Vulnerability (1.7)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0825)
WordPress Plugin WP Jobs SQL Injection (1.4)
Atlassian Jira Incorrect Authorization Vulnerability (CVE-2019-3401)