Description
Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
Remediation
References
Related Vulnerabilities
MySQL CVE-2022-21285 Vulnerability (CVE-2022-21285)
WordPress Plugin MyBlogU Cross-Site Scripting (0.0.7)
WordPress Plugin My Calendar Multiple Cross-Site Scripting Vulnerabilities (1.10.1)
WordPress Plugin Adminer Cross-Site Scripting (1.4.2)
WordPress Plugin Easy Property Listings Cross-Site Request Forgery (3.3.5.8)