CVE-2011-2937 — Cross-site Scripting in Webmail

CWE-79 — Cross-site Scripting11 documents6 sources

Severity

6.1MEDIUMNVD

NVD4.3CNA4.3OSV4.3

EPSS

0.5%

top 32.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Roundcube Webmail

Timeline

PublishedSep 21

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDroundcube/webmail0.5.3+15

Patches

Patch: trac.roundcube.net ↗Patch: trac.roundcube.net ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-cxwg-vcpf-j5j6: Cross-site scripting (XSS) vulnerability in program/include/rcmail↗2022-05-17

▶

GHSA

GHSA-c8f2-q59w-gpfp: Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0↗2022-05-17

▶

CVEList

CVE-2015-8793: Cross-site scripting (XSS) vulnerability in program/include/rcmail↗2016-01-29

▶

OSV

CVE-2015-8793: Cross-site scripting (XSS) vulnerability in program/include/rcmail↗2016-01-29

▶

CVEList

CVE-2011-2937: Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0↗2011-09-21

▶

📋Vendor Advisories

Debian

CVE-2015-8793: roundcube - Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundc...↗2015

▶

Debian

CVE-2011-2937: roundcube - Cross-site scripting (XSS) vulnerability in the UI messages functionality in Rou...↗2011

▶

💬Community

Bugzilla

CVE-2011-2937 roundcubemail: XSS flaw in UI messages↗2011-08-18

▶