Description

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

Remediation

References

CVE-2012-3508

Related Vulnerabilities

PostgreSQL CVE-2009-3229 Vulnerability (CVE-2009-3229)

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-3220)

WordPress Plugin Product Addons & Fields for WooCommerce Arbitrary File Upload (1.1)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery SQL Injection (1.3.29)

Oracle HTTP Server Other Vulnerability (CVE-2002-0655)

Severity

Medium

Classification

CVE-2012-3508 CWE-707

Tags

Missing Update Known Vulnerabilities