MDVSA-2013:148 -- Mandriva roundcubemail
ID: oval:org.secpod.oval:def:1300186 | Date: (C)2013-04-23 (M)2022-10-10 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been found and corrected in roundcubemail: A cross-site scripting vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email. A local file inclusion flaw was found in the way RoundCube Webmail, a browser-based multilingual IMAP client, performed validation of the 'generic_message_footer' value provided via the web user interface in certain circumstances. A remote attacker could issue a specially-crafted request that, when processed by RoundCube Webmail, could allow the attacker to obtain an arbitrary file on the system that is accessible with the privileges of the user running the RoundCube Webmail client. The updated packages have been patched and upgraded to the 0.7.4 version, which is not affected by these issues.
Platform: |
Mandriva Enterprise Server 5.2 |