Description
Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.
Remediation
References
Related Vulnerabilities
WordPress Plugin Connections Business Directory Unspecified Vulnerability (10.4.7)
Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7913)
WordPress Plugin ShareYourCart Information Disclosure (1.6.1)
WordPress Plugin SEO Ultimate 'wp-admin/post.php' Cross-Site Scripting (6.9.1)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14885)