Description

Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.

Remediation

References

CVE-2012-3507

Related Vulnerabilities

Apache HTTP Server Other Vulnerability (CVE-1999-1199)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9409)

MySQL CVE-2021-35630 Vulnerability (CVE-2021-35630)

MySQL CVE-2021-35648 Vulnerability (CVE-2021-35648)

WordPress Plugin Elementor Website Builder Cross-Site Scripting (3.5.5)

Severity

Low

Classification

CVE-2012-3507 CWE-707

Tags

Missing Update Known Vulnerabilities