FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

roundcube -- cross-site scripting in HTML email messages

Affected packages
0.8.0,1 <= roundcube < 0.8.1,1


VuXML ID c906e0a4-efa6-11e1-8fbf-001b77d09812
Discovery 2012-08-14
Entry 2012-08-27

RoundCube branch 0.8.x prior to the version 0.8.1 is prone to the cross-scripting attack (XSS) originating from incoming HTML e-mails: due to the lack of proper sanitization of JavaScript code inside the "href" attribute, sender could launch XSS attack when recipient opens the message in RoundCube interface.


CVE Name CVE-2012-3508