Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2009-0413
Reference:
CVE-2009-0413
Title:
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.