Description
Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.
Remediation
References
Related Vulnerabilities
WordPress Plugin Automated Content for Real Estate Multiple Unspecified Vulnerabilities (5.4.2)
WordPress Plugin 3D Cover Carousel Cross-Site Scripting (1.0)
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4614)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2048)