CVE-2012-6121

2013-02-2421:55:01

Debian Security Bug Tracker

security-tracker.debian.org

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

66.3%

JSON

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.

OSVersionArchitecturePackageVersionFilename
Debian12allroundcube< 1.6.5+dfsg-1~deb12u1roundcube_1.6.5+dfsg-1~deb12u1_all.deb
Debian11allroundcube< 1.4.15+dfsg.1-1~deb11u2roundcube_1.4.15+dfsg.1-1~deb11u2_all.deb
Debian10allroundcube< 1.3.17+dfsg.1-1~deb10u2roundcube_1.3.17+dfsg.1-1~deb10u2_all.deb
Debian999allroundcube< 1.6.7+dfsg-1roundcube_1.6.7+dfsg-1_all.deb
Debian13allroundcube< 1.6.7+dfsg-1roundcube_1.6.7+dfsg-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	roundcube	< 1.6.5+dfsg-1~deb12u1	roundcube_1.6.5+dfsg-1~deb12u1_all.deb
Debian	11	all	roundcube	< 1.4.15+dfsg.1-1~deb11u2	roundcube_1.4.15+dfsg.1-1~deb11u2_all.deb
Debian	10	all	roundcube	< 1.3.17+dfsg.1-1~deb10u2	roundcube_1.3.17+dfsg.1-1~deb10u2_all.deb
Debian	999	all	roundcube	< 1.6.7+dfsg-1	roundcube_1.6.7+dfsg-1_all.deb
Debian	13	all	roundcube	< 1.6.7+dfsg-1	roundcube_1.6.7+dfsg-1_all.deb