JVN#21422837: Roundcube Webmail vulnerable to cross-site scripting

Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site scripting vulnerability.

Impact

An arbitrary script may be executed on the user’s Internet Explorer when viewing a specially crafted image file.

Solution

Update the software
Update to the latest version according to the information provided by the developer.

Products Affected

• Roundcube Webmail versions prior to 0.7