CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
74.6%
RoundCube development Team reports:
We just published a new release which fixes a recently
reported XSS vulnerability as an update to the stable 0.5
branch. Please update your installations with this new
version or patch them with the fix which is also published
in the downloads section or our sourceforge.net page.
and:
During one of pen-tests I found that _mbox parameter is not
properly sanitized and reflected XSS attack is possible.