CVE-2012-3507 — Cross-site Scripting in Webmail

Severity: 2.6 LOW (NVD)
EPSS: 0.4% (top 38.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 25
Latest update: May 17

Description

Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.

CVSS vector

AV:N/AC:H/C:N/I:P/A:N
Exploitability: 4.9 | Impact: 2.9

Affected Packages (1 package)

NVD: roundcube/webmail 0.7.3 +19

🔴 Vulnerability Details (2)

GHSA: GHSA-4x5w-wj77-jppr: Cross-site scripting (XSS) vulnerability in program/steps/mail/func (2022-05-17)
CVEList: CVE-2012-3507: Cross-site scripting (XSS) vulnerability in program/steps/mail/func (2012-08-25)

📋 Vendor Advisories (1)

Debian: CVE-2012-3507: roundcube - Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in Round... (2012)

💬 Community (4)

Bugzilla: CVE-2012-3507 roundcubemail: XSS in program/steps/mail/func.inc fixed in 0.8.0 (2012-08-27)
Bugzilla: CVE-2012-3507 roundcubemail: XSS in program/steps/mail/func.inc fixed in 0.8.0 [epel-all] (2012-08-27)
Bugzilla: CVE-2012-3507 roundcubemail: XSS in program/steps/mail/func.inc fixed in 0.8.0 [fedora-all] (2012-08-27)
Bugzilla: CVE-2012-3508 roundcubemail: XSS by processing signatures in HTML mode (2012-08-20)