Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-44025 - Vulnerability Database
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-44025
Medium
Reference:
CVE-2021-44025
Title:
Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment39s filename extension when displaying a MIME type warning message.