3 matches found
CVE-2015-5381
Cross-site scripting XSS vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the mbox parameter to the default URI...
CVE-2015-5381
Cross-site scripting XSS vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the mbox parameter to the default URI...
CVE-2015-5381
Summary: The CVE-2015-5381 entry affects Roundcube Webmail 1.1.x before 1.1.2, where a cross-site scripting (XSS) vulnerability exists in the file program/include/rcmail.php . A remote attacker can exploit this by supplying a crafted payload to the _mbox parameter at the default URI, enabling inj...