Description

Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.

Remediation

References

CVE-2012-3507

Related Vulnerabilities

WordPress Plugin Automated Content for Real Estate Multiple Unspecified Vulnerabilities (5.4.2)

WordPress Plugin 3D Cover Carousel Cross-Site Scripting (1.0)

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4614)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2048)

WordPress Plugin ZooEffect for Video player Photo Gallery Slideshow jQuery and audio/music/podcast-HTML Cross-Site Scripting (1.01)

Severity

Low

Classification

CVE-2012-3507 CWE-707

Tags

Missing Update Known Vulnerabilities