Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:15025
HistoryDec 04, 2009 - 12:00 a.m.

Roundcube Webmail邮件消息HTML注入漏洞

2009-12-0400:00:00
Root
www.seebug.org
15

0.003 Low

EPSS

Percentile

64.0%

JSON

BUGTRAQ ID: 33372
CVE(CAN) ID: CVE-2009-0413

RoundCube Webmail是一个基于浏览器的IMAP客户端。

RoundCube Webmail没有正确地过滤HTML邮件消息的background属性,用户受骗查看了恶意邮件就会导致在浏览器会话中执行任意HTML和脚本代码。

RoundCube Webmail 0.2-stable
厂商补丁:

RoundCube

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://trac.roundcube.net/changeset/2245

Related

prion 1
openvas 8
debiancve 1
ubuntucve 1
nessus 3
freebsd 1
fedora 3
cve 1
prion
prion
Cross site scripting
2009-02-03 23:30:00
openvas
openvas
Fedora Core 10 FEDORA-2009-1204 (roundcubemail)
2009-02-10 00:00:00
Fedora Core 9 FEDORA-2009-1256 (roundcubemail)
2009-02-10 00:00:00
Fedora Core 9 FEDORA-2009-1256 (roundcubemail)
2009-02-10 00:00:00
debiancve
debiancve
CVE-2009-0413
2009-02-03 23:30:00
ubuntucve
ubuntucve
CVE-2009-0413
2009-02-03 00:00:00
nessus
nessus
Fedora 10 : roundcubemail-0.2-7.stable.fc10 (2009-1204)
2009-04-23 00:00:00
Fedora 9 : roundcubemail-0.2-7.stable.fc9 (2009-1256)
2009-02-05 00:00:00
FreeBSD : roundcube -- webmail script insertion and php code injection (35c0b572-125a-11de-a964-0030843d3802)
2009-03-17 00:00:00
freebsd
freebsd
roundcube -- webmail script insertion and php code injection
2009-01-21 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: roundcubemail-0.2-7.stable.fc10
2009-02-05 02:08:18
[SECURITY] Fedora 9 Update: roundcubemail-0.2-7.stable.fc9
2009-02-05 02:12:50
[SECURITY] Fedora 10 Update: roundcubemail-0.2.2-4.fc10
2009-12-02 04:27:37
cve
cve
CVE-2009-0413
2009-02-03 23:30:00

0.003 Low

EPSS

Percentile

64.0%

JSON
Related for SSV:15025
prion1openvas8debiancve1ubuntucve1nessus3freebsd1fedora3cve1