[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-4668Date: (C)2012-08-25   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
http://www.openwall.com/lists/oss-security/2012/08/20/2
http://www.openwall.com/lists/oss-security/2012/08/20/9
http://sourceforge.net/news/?group_id=139281&id=309011
http://trac.roundcube.net/ticket/1488613
https://github.com/roundcube/roundcubemail/commit/c086978f6a91eacb339fd2976202fca9dad2ef32

CPE    34
cpe:/a:roundcube:webmail:0.7.3
cpe:/a:roundcube:webmail:0.3:beta
cpe:/a:roundcube:webmail:0.1:beta2
cpe:/a:roundcube:webmail:0.5.3
...
CWE    1
CWE-79
OVAL    1
oval:org.secpod.oval:def:1300186

© SecPod Technologies