Description

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

Remediation

References

CVE-2011-2937

Related Vulnerabilities

PostgreSQL Other Vulnerability (CVE-2002-1402)

Jboss EAP Inadequate Encryption Strength Vulnerability (CVE-2014-0224)

Oracle Database Server CVE-2009-1020 Vulnerability (CVE-2009-1020)

Oracle Database Server CVE-2011-2301 Vulnerability (CVE-2011-2301)

WordPress Plugin WP Mobile Menu-The Mobile-Friendly Responsive Menu Cross-Site Scripting (2.8.2.2)

Severity

Medium

Classification

CVE-2011-2937 CWE-707

Tags

Missing Update Known Vulnerabilities