Description
Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
Remediation
References
Related Vulnerabilities
WordPress Other Vulnerability (CVE-2007-4153)
WordPress Plugin WP Dialog Cross-Site Scripting (1.2.5.5)
WordPress Plugin Slider Revolution Responsive Arbitrary File Upload (3.0.95)
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.33)
WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes Security Bypass (4.21.1)