Description
Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.
Remediation
References
Related Vulnerabilities
WordPress Plugin Influencer Marketing & Press Release System Cross-Site Scripting (2.2)
WordPress Plugin Custom Searchable Data Entry System Security Bypass (1.7.1)
WordPress Plugin User Login History Multiple Cross-Site Scripting Vulnerabilities (1.5.2)
MODX Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-8775)