Description
The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to log in to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue.
Remediation
References