1076 matches found
CVE-2007-6321
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
DEBIAN-CVE-2007-6321
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
Cross site scripting
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
CVE-2007-6321
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
CVE-2007-6321
The CVE-2007-6321 issue affects Roundcube webmail (0.1rc2 and earlier) where IE could execute XSS via style sheets containing expression commands. Connected OpenVAS/Nessus entries reference Fedora updates (FEDORA-2008-5333/5342/5315) that include XSS fixes for roundcubemail, indicating a patch-ba...
CVE-2007-6321
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
CVE-2007-6321
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
JVN#33820033 RoundCube Webmail cross-site request forgery vulnerability
RoundCube Webmail is an open source webmail client from the RoundCube Project. RoundCube Webmail contains a cross-site request forgery vulnerability that may allow disclosure of information such as email subject lines. Impact Information such as email subject lines may be disclosed on the web...
Roundcube Webmail 0.1 - CSS Expression Input Validation
Roundcube Webmail 0.1 - CSS Expression Input Validation source: https://www.securityfocus.com/bid/26800/info Roundcube Webmail is prone to an input-validation vulnerability because it fails to sanitize HTML email messages. Attackers can exploit this issue to execute arbitrary script code in the...
Roundcube Webmail 0.1 - CSS Expression Input Validation
source: https://www.securityfocus.com/bid/26800/info Roundcube Webmail is prone to an input-validation vulnerability because it fails to sanitize HTML email messages. Attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user. Successful attacks can...
Roundcube Webmail 0.1 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21042/info Roundcube Webmail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in th...
Roundcube Webmail 0.1 - index.php Cross-Site Scripting
Roundcube Webmail 0.1 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21042/info Roundcube Webmail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script co...
CVE-2005-4368
roundcube webmail Alpha, with a default high verbose level $rcmailconfig'debuglevel' = 1, allows remote attackers to obtain the full path of the application via an invalidtask parameter, which leaks the path in an error message...
CVE-2005-4368
CVE-2005-4368 affects Roundcube Webmail Alpha. When rcube_config['debug_level'] is set to 1 (default high verbose), an attacker can trigger an invalid_task to cause an error message that discloses the full application path. The available connected documents confirm the vulnerability description a...
CVE-2005-4368
roundcube webmail Alpha, with a default high verbose level $rcmailconfig'debuglevel' = 1, allows remote attackers to obtain the full path of the application via an invalidtask parameter, which leaks the path in an error message...
CVE-2005-4368
roundcube webmail Alpha, with a default high verbose level $rcmailconfig'debuglevel' = 1, allows remote attackers to obtain the full path of the application via an invalidtask parameter, which leaks the path in an error message...