Description
Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.
Remediation
References
Related Vulnerabilities
WordPress Plugin Rezgo Cross-Site Scripting (1.4.2)
phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-0788)
IBM RTC Incorrect Authorization Vulnerability (CVE-2017-1700)
MyBB Insertion of Sensitive Information into Log File Vulnerability (CVE-2015-8977)
MongoDb Uncontrolled Resource Consumption Vulnerability (CVE-2016-3104)