8 matches found
Roundcube Webmail func.inc Cross-site Scripting (CVE-2018-19206)
A cross-site scripting vulnerability exists in Roundcube Webmail. The vulnerability is due to improper handling of a tag within HTML attachments. A remote attacker can exploit this vulnerability by enticing a user to open an attachment...
Debian DSA-4344-1 : roundcube - security update
Aidan Marlin discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability in handling invalid style tag content. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
[SECURITY] [DSA 4344-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4344-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2018 https://www.debian.org/security/faq -...
Roundcube Webmail < 1.3.8 XSS Vulnerability
Roundcube Webmail is prone to a cross-site scripting XSS vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
UBUNTU-CVE-2018-19206
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...
CVE-2018-19206
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...
CVE-2018-19206
CVE-2018-19206 affects Roundcube Webmail: a cross‑site scripting vulnerability in how HTML attachments are parsed, via crafted content that can execute when an onload attribute is used in a BODY tag. Affected are Roundcube versions before 1.3.8 (and, per Debian advisories, prior patches and rela...
CVE-2018-19206
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...