Description Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php. Remediation References CVE-2020-18670 Related Vulnerabilities WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (3.1.10) Drupal Core 8.9.x Remote Code Execution (8.9.0 - 8.9.9) WordPress Plugin WP Comment Remix SQL Injection and HTML Injection Vulnerabilities (1.4.3) WordPress Plugin RBX Gallery 'uploader.php' Arbitrary File Upload (2.1) WordPress Plugin WP Symposium SQL Injection (15.1) Severity Medium Classification CVE-2020-18670 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities