Description
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.
Remediation
References
Related Vulnerabilities
WordPress Plugin BuddyPress Unspecified Vulnerability (2.6.0)
WordPress Plugin Clean Login Unspecified Vulnerability (1.8)
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15808)
WordPress Plugin CardGate Payments for WooCommerce Security Bypass (3.1.15)
WordPress Plugin Easy Google Analytics for WordPress Cross-Site Request Forgery (1.6.0)