Description

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

Remediation

References

CVE-2012-3508

Related Vulnerabilities

WordPress Plugin Product Catalog SQL Injection (3.9.8)

WordPress Plugin WPtouch Open Redirect (3.4.9)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5004)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2332)

ownCloud Resource Management Errors Vulnerability (CVE-2015-6500)

Severity

Medium

Classification

CVE-2012-3508 CWE-707

Tags

Missing Update Known Vulnerabilities