Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2013-5645 - Vulnerability Database
Roundcube

Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2013-5645

Medium
Reference: CVE-2013-5645
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2013-5645
Title: Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode related to compose.inc and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature related to save_identity.inc.