Description
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a desanitization issue in message_body() in program/actions/mail/show.php.
Remediation
References