Lucene search

[email protected]NVD:CVE-2012-3508

HistoryAug 25, 2012 - 10:29 a.m.

CVE-2012-3508

2012-08-2510:29:52

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.003

Percentile

66.3%

JSON

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using “javascript:” in an href attribute in the body of an HTML-formatted email.

Affected configurations

Nvd

Node

roundcubewebmailMatch0.8.0

VendorProductVersionCPE
roundcubewebmail0.8.0cpe:2.3:a:roundcube:webmail:0.8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
roundcube	webmail	0.8.0	cpe:2.3:a:roundcube:webmail:0.8.0:::::::*

References

secunia.com/advisories/50279

sourceforge.net/news/?group_id=139281&id=309011

trac.roundcube.net/ticket/1488613

www.openwall.com/lists/oss-security/2012/08/20/2

www.openwall.com/lists/oss-security/2012/08/20/9

www.securelist.com/en/advisories/50279

github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.003

Percentile

66.3%

JSON

Related for NVD:CVE-2012-3508

prion1 cve1 openvas6 nessus5 debiancve1 ubuntucve1 cvelist1 freebsd1 fedora3 exploitdb1 osv1