Description

Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.

Remediation

References

CVE-2010-0464

Related Vulnerabilities

Atlassian Confluence CVE-2023-22505 Vulnerability (CVE-2023-22505)

Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21517)

WordPress Plugin Anthologize Cross-Site Scripting (0.7.7)

PostgreSQL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2020-25694)

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9516)

Severity

Medium

Classification

CVE-2010-0464 CWE-200

Tags

Missing Update Known Vulnerabilities