Description
Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.
Remediation
References
Related Vulnerabilities
WordPress Data Processing Errors Vulnerability (CVE-2014-9034)
Python Out-of-bounds Write Vulnerability (CVE-2018-25032)
WordPress Plugin GTM4WP Cross-Site Scripting (1.15)
WordPress Plugin Z-Vote 'zvote' Parameter SQL Injection (1.1)
Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33926)