cbcvebase.
CVE-2012-6121
published 2013-02-24

CVE-2012-6121: Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text…

PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
2.05%
78.8th percentile
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.

Affected

26 ranges· showing 25
VendorProductVersion rangeFixed in
debianroundcube
roundcubewebmail<= 0.8.4
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail
roundcubewebmail

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.