Description
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Cross-Site Scripting (3.5.0)
XWiki Incorrect Authorization Vulnerability (CVE-2021-32620)
WordPress Plugin Wordpress Membership SwiftCloud.io SQL Injection (1.0)
WordPress Plugin Custom Website Data Cross-Site Scripting (1.0)
Moodle 7PK - Security Features Vulnerability (CVE-2015-5331)