Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Roundcube Improper Input Validation Vulnerability (CVE-2011-1492)

Description

steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request.

Remediation

References

Related Vulnerabilities

WordPress Plugin Kimili Flash Embed Unspecified Vulnerability (2.2.1)

WordPress Plugin WordPress Download Manager Security Bypass (2.7.2)

Joomla! Core 3.x.x Denial of Service (3.0.0 - 3.2.5)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.18)

Drupal Improper Input Validation Vulnerability (CVE-2019-6342)

Severity

Medium

Classification

CVE-2011-1492 CWE-20

Tags

Missing Update Known Vulnerabilities