CVE-2007-6321
published 2007-12-12CVE-2007-6321: Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
5.44%
91.7th percentile
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | roundcube | < roundcube 0.1~rc2-6 (bookworm) | roundcube 0.1~rc2-6 (bookworm) |
| roundcube | webmail | <= 0.1 | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3LOW
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
roundcubemail: XSS vulnerability
vendor_redhat·2007-12-09·CVSS 4.3
CVE-2007-6321 [MEDIUM] CWE-79 roundcubemail: XSS vulnerability
roundcubemail: XSS vulnerability
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
Debian
CVE-2007-6321: roundcube - Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09...
vendor_debian·2007·CVSS 4.3
CVE-2007-6321 [MEDIUM] CVE-2007-6321: roundcube - Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09...
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
Scope: local
bookworm: resolved (fixed in 0.1~rc2-6)
bullseye: resolved (fixed in 0.1~rc2-6)
forky: resolved (fixed in 0.1~rc2-6)
sid: resolved (fixed in 0.1~rc2-6)
trixie: resolved (fixed in 0.1~rc2-6)
GHSA
GHSA-5c8c-p877-w38h: Cross-site scripting (XSS) vulnerability in RoundCube webmail 0
ghsa_unreviewed·2022-05-01
CVE-2007-6321 [MEDIUM] CWE-79 GHSA-5c8c-p877-w38h: Cross-site scripting (XSS) vulnerability in RoundCube webmail 0
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
OSV
CVE-2007-6321: Cross-site scripting (XSS) vulnerability in RoundCube webmail 0
osv·2007-12-12·CVSS 4.3
CVE-2007-6321 [MEDIUM] CVE-2007-6321: Cross-site scripting (XSS) vulnerability in RoundCube webmail 0
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
No detection rules found.
http://openmya.hacker.jp/hasegawa/security/expression.txthttp://secunia.com/advisories/30734http://securityreason.com/securityalert/3435http://trac.roundcube.net/ticket/1484701http://www.securityfocus.com/archive/1/484802/100/0/threadedhttp://www.securityfocus.com/bid/26800https://exchange.xforce.ibmcloud.com/vulnerabilities/38981http://openmya.hacker.jp/hasegawa/security/expression.txthttp://secunia.com/advisories/30734http://securityreason.com/securityalert/3435http://trac.roundcube.net/ticket/1484701http://www.securityfocus.com/archive/1/484802/100/0/threadedhttp://www.securityfocus.com/bid/26800https://exchange.xforce.ibmcloud.com/vulnerabilities/38981
2007-12-12
Published