CVE-2016-4552

Опубликовано: 20 дек. 2016

Источник: debian

Описание

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
roundcube	fixed	1.2.0+dfsg.1-1		package
roundcube	not-affected		wheezy	package

Примечания

https://github.com/roundcube/roundcubemail/issues/5240
https://github.com/roundcube/roundcubemail/pull/5241
https://www.openwall.com/lists/oss-security/2016/05/25/8

Связанные уязвимости

CVE-2016-4552

CVSS3: 6.1

ubuntu

около 9 лет назад

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.

CVE-2016-4552

CVSS3: 6.1

nvd

около 9 лет назад

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.

GHSA-23fp-mccx-jgj3

CVSS3: 6.1

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.