Description
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
Remediation
References
Related Vulnerabilities
WordPress Plugin JiangQie Official Website Mini Program SQL Injection (1.1.0)
DOMPurify URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-25155)
WordPress Plugin Cool Video Gallery Cross-Site Request Forgery (1.8)
Python Integer Overflow or Wraparound Vulnerability (CVE-2018-20406)