Description
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
Remediation
References
Related Vulnerabilities
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.3.8)
WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar Cross-Site Scripting (3.0.1)
WordPress Plugin DX Share Selection Cross-Site Request Forgery (1.4)
Omeka Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-5100)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1999006)