Description
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form 7 Integrations Multiple Cross-Site Scripting Vulnerabilities (1.3.10)
WordPress Plugin WP Photo Album Plus Unspecified Vulnerability (6.5.00)
Nginx Improper Certificate Validation Vulnerability (CVE-2009-3555)
WordPress Plugin Side Menu Lite-add sticky fixed buttons SQL Injection (2.2)