Description
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
Remediation
References
Related Vulnerabilities
WordPress Plugin SyntaxHighlighter Evolved Cross-Site Scripting (3.5.0)
WordPress Plugin EmbedSocial-Social Media Feeds, Reviews and Galleries Cross-Site Scripting (1.1.27)
MySQL CVE-2021-35591 Vulnerability (CVE-2021-35591)
WordPress Plugin Coming Soon Multiple Vulnerabilities (1.1.18)
WordPress Plugin WP Symposium Arbitrary File Upload Vulnerabilities (11.11.26)