CVE-2015-1433
03.02.2015, 16:59
program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.
Vendor | Product | Version |
---|---|---|
roundcube | webmail | 𝑥 ≤ 1.0.4 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
References