8 matches found
RoundCube Webmail mail <1.0.5 body stored XSS(CVE-2015-1433)
RoundCube Webmail is a foreign use of a wide an open source php e-mail system, the meaning is still quite large. roundcube webmail official website: , download the latest version. /program/lib/Roundcube/rcubewashtml.php this file is actually a rich text filter class class rcubewashtml it. roundcu...
Debian DLA-613-1 : roundcube security update
Multiple CSRF and XSS issues allow remote attackers to hijack the authentication and execute roundcube operations without the consent of the user. In some cases, this could result in data loss or data theft. CVE-2014-9587 Multiple cross-site request forgery CSRF vulnerabilities in allow remote...
DLA-613-1 roundcube - security update
Bulletin has no description...
openSUSE Security Update : roundcubemail (openSUSE-2015-148)
roundcubemail was updated to version 1.0.5 to fix one security issue. This security issue was fixed : - CVE-2015-1433: program/lib/Roundcube/rcubewashtml.php in Roundcube before 1.0.5 did not properly quote strings, which allowed remote attackers to conduct cross-site scripting XSS attacks via th...
Fedora Update for roundcubemail FEDORA-2015-1772
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for roundcubemail FEDORA-2015-1761
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-1433
program/lib/Roundcube/rcubewashtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting XSS attacks via the style attribute in an email...
CVE-2015-1433
CVE-2015-1433 affects Roundcube (Roundcube Webmail) where the file program/lib/Roundcube/rcube_washtml.php mishandles quoting in the HTML style attribute, enabling remote XSS via email content. The vulnerability arises from incorrect quotation logic during sanitization of the style HTML attribute...