An issue exists in Roundcube Webmail prior to 1.3.12 and 1.4.x prior to 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
roundcube webmail |
||
fedoraproject fedora 31 |
||
fedoraproject fedora 32 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |