Description
Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
Remediation
References
Related Vulnerabilities
WordPress Plugin Appointment Calendar Multiple Cross-Site Scripting Vulnerabilities (2.7.4)
MySQL CVE-2021-2011 Vulnerability (CVE-2021-2011)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-25703)
WordPress Plugin Altos Connect Widget Cross-Site Scripting (1.3.0)