5 matches found
CVE-2015-8105
Cross-site scripting XSS vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload...
CVE-2015-8105
Cross-site scripting XSS vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload...
CVE-2015-8105
Cross-site scripting XSS vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload...
CVE-2015-8105
CVE-2015-8105 affects Roundcube webmail, specifically the vulnerable component is program/js/app.js. The XSS flaw arises in the drag-and-drop file upload via the filename field, impacting Roundcube versions before 1.0.7 and 1.1.x before 1.1.3. Exploitation requires remote authenticated access, en...
CVE-2015-8105
Cross-site scripting XSS vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload...