Description
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP eCommerce SQL Injection (3.11.3)
WordPress Plugin All Category SEO Updater Cross-Site Scripting (0.2.7)
PHP Other Vulnerability (CVE-2007-2844)
PrestaShop Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-25170)
Python Improper Input Validation Vulnerability (CVE-2021-29921)