Roundcube webmail cross-site scripting vulnerability
RoundCube Webmail is a browser-based IMAP client. A cross-site scripting vulnerability in program/js/app.js in Roundcube webmail versions prior to 1.0.7, 1.1.x-1.1.3 allows remote attackers to inject arbitrary web script or HTML by dragging and dropping the filename in a file upload...