Roundcube Cross-site Scripting (XSS) Vulnerability - CVE-2015-1433 - Vulnerability Database

Roundcube Cross-site Scripting (XSS) Vulnerability - CVE-2015-1433

Medium

Reference: CVE-2015-1433

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-1433

Title: Roundcube Cross-site Scripting (XSS) Vulnerability

Overview:

program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.