Description

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

Remediation

References

CVE-2011-2937

Related Vulnerabilities

Rukovoditel Improper Input Validation Vulnerability (CVE-2020-11819)

WordPress Plugin WORDPRESS VIDEO GALLERY Open Email Relay (2.8)

WordPress Plugin Funnel Builder by CartFlows-Create High Converting Sales Funnels For WordPress Cross-Site Request Forgery (1.5.15)

MySQL CVE-2018-3279 Vulnerability (CVE-2018-3279)

PHP Other Vulnerability (CVE-2007-5424)

Severity

Medium

Classification

CVE-2011-2937 CWE-707

Tags

Missing Update Known Vulnerabilities