First published: Tue Feb 03 2015(Updated: )
program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Roundcube Webmail | <=1.0.4 | |
openSUSE openSUSE | =13.1 | |
openSUSE openSUSE | =13.2 | |
Fedoraproject Fedora | =21 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.