Description
Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.
Remediation
References
Related Vulnerabilities
PHP Resource Management Errors Vulnerability (CVE-2015-8877)
WordPress Plugin Customer Service Software & Support Ticket System Cross-Site Scripting (5.10.3)
WordPress Plugin SEO Redirection-301 Redirect Manager Unspecified Vulnerability (8.7)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-3664)