Description
Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
Remediation
References
Related Vulnerabilities
PHP Out-of-bounds Write Vulnerability (CVE-2024-11233)
MySQL CVE-2021-2007 Vulnerability (CVE-2021-2007)
GlassFish CVE-2016-5519 Vulnerability (CVE-2016-5519)
PostgreSQL Integer Overflow or Wraparound Vulnerability (CVE-2023-5869)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17301)