Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail prior to 1.0.7 and 1.1.x prior to 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse opensuse 13.2 |
||
opensuse opensuse 13.1 |
||
roundcube webmail |
||
roundcube webmail 1.1.0 |
||
roundcube webmail 1.1.1 |
||
roundcube webmail 1.1.2 |