Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-44025 - Vulnerability Database

Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-44025

Medium
Reference: CVE-2021-44025
Title: Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment39s filename extension when displaying a MIME type warning message.