CVE-2012-3508

Published: Aug 25, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://trac.roundcube.net/ticket/1488613

x_refsource_CONFIRM

50279

third-party-advisory

x_refsource_SECUNIA

https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee

x_refsource_CONFIRM

[oss-security] 20120820 Re: CVE-request: Roundcube XSS issues

mailing-list

x_refsource_MLIST

[oss-security] 20120820 CVE-request: Roundcube XSS issues

mailing-list

x_refsource_MLIST

http://www.securelist.com/en/advisories/50279

x_refsource_MISC

http://sourceforge.net/news/?group_id=139281&id=309011

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-3508

Description

Affected Products

References