JVN#21422837: Roundcube Webmail vulnerable to cross-site scripting

2012-05-25T00:00:00
ID JVN:21422837
Type jvn
Reporter Japan Vulnerability Notes
Modified 2012-05-30T00:00:00

Description

## Description

Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site scripting vulnerability.

## Impact

An arbitrary script may be executed on the user's Internet Explorer when viewing a specially crafted image file.

## Solution

Update the software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • Roundcube Webmail versions prior to 0.7