Description
Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.
Remediation
References
Related Vulnerabilities
WordPress Plugin wp heyloyalty Remote Code Execution (1.1.4)
Drupal Core 5.x Multiple Cross-Site Request Forgery Vulnerabilities (5.0 - 5.1)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4522)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8393)