Description

program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.

Remediation

References

CVE-2015-1433

Related Vulnerabilities

Oracle JRE CVE-2013-2417 Vulnerability (CVE-2013-2417)

WordPress Plugin NewStatPress Cross-Site Scripting (1.0.5)

Varnish Cache Other Vulnerability (CVE-2015-8852)

Oracle Application Server Other Vulnerability (CVE-2002-1631)

WebLogic CVE-2022-21292 Vulnerability (CVE-2022-21292)

Severity

Medium

Classification

CVE-2015-1433

Tags

Missing Update Known Vulnerabilities