Description

The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue.

Remediation

References

CVE-2011-1491

Related Vulnerabilities

Drupal Other Vulnerability (CVE-2007-4063)

WordPress Plugin Maintenance Cross-Site Scripting (4.02)

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-27902)

WordPress Plugin StoryChief Cross-Site Scripting (1.0.30)

WordPress Plugin How to Create an App for Android iPhone Easytouch Arbitrary File Upload (3.0)

Severity

Low

Classification

CVE-2011-1491 CWE-20

Tags

Missing Update Known Vulnerabilities