CVE-2016-4552

Опубликовано: 20 дек. 2016

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00101.html
https://github.com/roundcube/roundcubemail/issues/5240
Exploit
Issue Tracking
https://github.com/roundcube/roundcubemail/wiki/Changelog#release-120
Release Notes
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00101.html
https://github.com/roundcube/roundcubemail/issues/5240
Exploit
Issue Tracking
https://github.com/roundcube/roundcubemail/wiki/Changelog#release-120
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:roundcube:webmail:1.2:rc:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00276

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2016-4552

CVSS3: 6.1

ubuntu

больше 8 лет назад

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.

CVE-2016-4552

CVSS3: 6.1

debian

больше 8 лет назад

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...

GHSA-23fp-mccx-jgj3

CVSS3: 6.1

github

около 3 лет назад

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.

EPSS

Процентиль: 51%

0.00276

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79