Description
Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.
Remediation
References
Related Vulnerabilities
MySQL CVE-2017-3461 Vulnerability (CVE-2017-3461)
WordPress Plugin Newsletter-Send awesome emails from WordPress Cross-Site Scripting (4.6.0)
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2009-3094)
Perl Out-of-bounds Write Vulnerability (CVE-2023-47039)
Oracle Database Server CVE-2012-0519 Vulnerability (CVE-2012-0519)