First published: Sun Mar 12 2017(Updated: )
rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Roundcube Webmail | <=1.1.7 | |
Roundcube Webmail | =1.2.0 | |
Roundcube Webmail | =1.2.1 | |
Roundcube Webmail | =1.2.2 | |
Roundcube Webmail | =1.2.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.