Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-47272 - Vulnerability Database

Roundcube

Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-47272

Medium

Reference: CVE-2023-47272

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-47272

Title: Roundcube Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).