A security issue was found in Roundcube Webmail before versions 1.4.10, 1.3.16 and 1.2.13. The linkref_addindex function in rcube_string_replacer.php allowed a stored cross-site scripting attack via a crafted HTML or plain text email message.
https://github.com/roundcube/roundcubemail/releases/tag/1.4.10
https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d