Lucene search

[email protected]CVE-2012-3508

HistoryAug 25, 2012 - 10:29 a.m.

CVE-2012-3508

2012-08-2510:29:52

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-3508

cross-site scripting

xss

roundcube webmail

security

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using “javascript:” in an href attribute in the body of an HTML-formatted email.

Affected configurations

NVD

Node

roundcubewebmailMatch0.8.0

CPENameOperatorVersion
roundcube:webmailroundcube webmaileq0.8.0

CPE	Name	Operator	Version
roundcube:webmail	roundcube webmail	eq	0.8.0

References

secunia.com/advisories/50279

sourceforge.net/news/?group_id=139281&id=309011

trac.roundcube.net/ticket/1488613

www.openwall.com/lists/oss-security/2012/08/20/2

www.openwall.com/lists/oss-security/2012/08/20/9

www.securelist.com/en/advisories/50279

github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

Related for CVE-2012-3508

freebsd1 openvas6 nvd1 cvelist1 prion1 nessus5 ubuntucve1 debiancve1 fedora3