Description

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

Remediation

References

CVE-2011-2937

Related Vulnerabilities

SharePoint CVE-2023-21717 Vulnerability (CVE-2023-21717)

WordPress 5.3.x Multiple Vulnerabilities (5.3 - 5.3.14)

WordPress Plugin Child Theme Configurator Arbitrary File Disclosure (1.7.4)

WordPress Plugin Improved Sale Badges for WooCommerce Security Bypass (4.3.2)

MySQL CVE-2014-0384 Vulnerability (CVE-2014-0384)

Severity

Medium

Classification

CVE-2011-2937 CWE-707

Tags

Missing Update Known Vulnerabilities