Description
Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
Remediation
References
Related Vulnerabilities
Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-1921)
Apache Tomcat version older than 6.0.6
WordPress Plugin WordPress WP-Advanced-Search Remote Code Execution (3.3.3)
WordPress Plugin BuddyPress Customer.io Analytics Integration Cross-Site Request Forgery (1.1.6)
Drupal Improper Access Control Vulnerability (CVE-2020-13677)