Description
Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.
Remediation
References
Related Vulnerabilities
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (1.2.05.20)
WordPress Plugin WP-Polls Cross-Site Scripting (2.69)
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.8)
WordPress Plugin Easy Watermark Security Bypass (0.7.0)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3365)