First published: Wed Dec 12 2007(Updated: )
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
barnraiser AROUNDMe | <=0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2007-6321 is classified as a moderate severity vulnerability.
To fix CVE-2007-6321, you should update RoundCube webmail to a version newer than 0.1rc2.
The impact of CVE-2007-6321 allows remote attackers to perform cross-site scripting attacks on users of affected RoundCube webmail versions.
CVE-2007-6321 affects RoundCube webmail version 0.1rc2 and earlier.
CVE-2007-6321 is specifically noted to affect Internet Explorer when using vulnerable versions of RoundCube.