CVE-2009-0413 — Cross-site Scripting in Webmail

CWE-79 — Cross-site Scripting7 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 38.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Roundcube Webmail

Timeline

PublishedFeb 3

Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDroundcube/webmail0.2

🔴Vulnerability Details

GHSA

GHSA-5c64-7m9p-wp5p: Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0↗2022-05-02

▶

CVEList

CVE-2009-0413: Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0↗2009-02-03

▶

OSV

CVE-2009-0413: Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0↗2009-02-03

▶

📋Vendor Advisories

Red Hat

roundcubemail: Remotely exploitable web script or HTML code injection vulnerability via the background attribute embedded in an HTML e-mail message (XSS)↗2009-01-20

▶

Debian

CVE-2009-0413: roundcube - Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0....↗2009

▶

💬Community

Bugzilla

CVE-2009-0413 roundcubemail: Remotely exploitable web script or HTML code injection vulnerability via the background attribute embedded in an HTML e-mail message (XSS)↗2009-02-04

▶