CVE-2012-6121 — Cross-site Scripting in Webmail

CWE-79 — Cross-site Scripting8 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 38.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Roundcube Webmail

Timeline

PublishedFeb 24

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDroundcube/webmail0.8.4+24

🔴Vulnerability Details

GHSA

GHSA-m6c6-6vhq-xhvp: Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0↗2022-05-17

▶

CVEList

CVE-2012-6121: Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0↗2013-02-24

▶

OSV

CVE-2012-6121: Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0↗2013-02-24

▶

📋Vendor Advisories

Debian

CVE-2012-6121: roundcube - Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allow...↗2012

▶

💬Community

Bugzilla

CVE-2012-6121 roundcubemail: Cross-site scripting (XSS) in vbscript: and data:text URL handling↗2013-02-08

▶

Bugzilla

CVE-2012-6121 roundcubemail: Cross-site scripting (XSS) in vbscript: and data:text URL handling [epel-6]↗2013-02-08

▶

Bugzilla

CVE-2012-6121 roundcubemail: Cross-site scripting (XSS) in vbscript: and data:text URL handling [fedora-all]↗2013-02-08

▶