Description

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

Remediation

References

CVE-2012-3508

Related Vulnerabilities

Drupal Core 4.6.x Form Action Attribute Injection (4.6.0 - 4.6.9)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-11612)

Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2021-3629)

WordPress Plugin Gallery-Video Gallery and Youtube Gallery SQL Injection (2.0.9)

MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-5687)

Severity

Medium

Classification

CVE-2012-3508 CWE-707

Tags

Missing Update Known Vulnerabilities