FreeBSD Ports: Roundcube Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/33622/ http://sourceforge.net/forum/forum.php?forum_id=927958 http://trac.roundcube.net/changeset/2245 http://trac.roundcube.net/ticket/1485689 http://www.vuxml.org/freebsd/35c0b572-125a-11de-a964-0030843d3802.html

Insight

The following package is affected: roundcube CVE-2009-0413 Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.

Severity

Classification

CVE CVE-2009-0413

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

FreeBSD Ports: alsaplayer
FreeBSD Ports: bugzilla
FreeBSD Ports: bitcoin
FreeBSD Ports: apr1
FreeBSD Ports: bzip2

FreeBSD Ports: roundcube

Take action and discover your vulnerabilities