Description

rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.

Remediation

References

CVE-2017-6820

Related Vulnerabilities

OpenSSL CVE-2024-0727 Vulnerability (CVE-2024-0727)

Oracle Application Server CVE-2010-0067 Vulnerability (CVE-2010-0067)

WordPress Plugin Local Market Explorer 'api-key' Parameter Cross-Site Scripting (3.1.1)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cross-Site Scripting (2.3.1)

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-5131)

Severity

Medium

Classification

CVE-2017-6820 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities