FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

roundcube -- XSS vulnerability

Affected packages
roundcube < 0.5.4,1

Details

VuXML ID 4ae68e7c-dda4-11e0-a906-00215c6a37bb
Discovery 2011-08-09
Entry 2011-09-13

RoundCube development Team reports:

We just published a new release which fixes a recently reported XSS vulnerability as an update to the stable 0.5 branch. Please update your installations with this new version or patch them with the fix which is also published in the downloads section or our sourceforge.net page.

and:

During one of pen-tests I found that _mbox parameter is not properly sanitized and reflected XSS attack is possible.

References

CVE Name CVE-2011-2937