Description

program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.

Remediation

References

CVE-2015-1433

Related Vulnerabilities

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43720)

Nginx Out-of-bounds Read Vulnerability (CVE-2023-27730)

WordPress Plugin WPML (WordPress Multilingual) Multiple Vulnerabilities (3.1.8.6)

Moodle Improper Input Validation Vulnerability (CVE-2012-0801)

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.3)

Severity

Medium

Classification

CVE-2015-1433

Tags

Missing Update Known Vulnerabilities