Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3507)

Description

Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.

Remediation

References

CVE-2012-3507

Related Vulnerabilities

WordPress Plugin Easy Google Maps Cross-Site Scripting (1.9.33)

Werkzeug WSGI Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2022-29361)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43953)

PrestaShop Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-19124)

osTicket Other Vulnerability (CVE-2005-1436)

Severity

Low

Classification

CVE-2012-3507 CWE-707