Description
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.
Remediation
References
Related Vulnerabilities
Drupal Core 7.x Cross-Site Request Forgery (7.0 - 7.71)
MySQL CVE-2020-14845 Vulnerability (CVE-2020-14845)
WebLogic CVE-2021-2047 Vulnerability (CVE-2021-2047)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2367)
Joomla! Core 3.x.x Multiple Cross-Site Request Forgery Vulnerabilities (3.0.0 - 3.9.14)