Description

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

Remediation

References

CVE-2011-2937

Related Vulnerabilities

WordPress Other Vulnerability (CVE-2007-4153)

WordPress Plugin WP Dialog Cross-Site Scripting (1.2.5.5)

WordPress Plugin Slider Revolution Responsive Arbitrary File Upload (3.0.95)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.33)

WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes Security Bypass (4.21.1)

Severity

Medium

Classification

CVE-2011-2937 CWE-707

Tags

Missing Update Known Vulnerabilities