Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Roundcube Cross-site Scripting (XSS) Vulnerability - CVE-2015-8105 - Vulnerability Database
Roundcube

Roundcube Cross-site Scripting (XSS) Vulnerability - CVE-2015-8105

Low
Reference: CVE-2015-8105
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-8105
Title: Roundcube Cross-site Scripting (XSS) Vulnerability
Overview:

Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.