Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6321 — Cross-site Scripting in Webmail

CWE-79 — Cross-site Scripting8 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
5.2%
top 10.06%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Roundcube Webmail
Timeline
PublishedDec 12
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

â–¶NVDroundcube/webmail0.1

🔴Vulnerability Details

3
GHSA
GHSA-5c8c-p877-w38h: Cross-site scripting (XSS) vulnerability in RoundCube webmail 0↗2022-05-01
â–¶
OSV
CVE-2007-6321: Cross-site scripting (XSS) vulnerability in RoundCube webmail 0↗2007-12-12
â–¶
CVEList
CVE-2007-6321: Cross-site scripting (XSS) vulnerability in RoundCube webmail 0↗2007-12-12
â–¶

💥Exploits & PoCs

1
Exploit-DB
Roundcube Webmail 0.1 - CSS Expression Input Validation↗2007-11-10
â–¶

📋Vendor Advisories

2
Red Hat
roundcubemail: XSS vulnerability↗2007-12-09
â–¶
Debian
CVE-2007-6321: roundcube - Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09...↗2007
â–¶

💬Community

1
Bugzilla
CVE-2007-6321 roundcubemail: XSS vulnerability↗2007-12-13
â–¶
CVE-2007-6321 — Cross-site Scripting in Webmail | cvebase