CVE-2016-4552Cross-site Scripting in Webmail

CWE-79Cross-site Scripting6 documents6 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 48.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Roundcube Webmail
Timeline
PublishedDec 20
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-23fp-mccx-jgj3: Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 12022-05-17
OSV
CVE-2016-4552: Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 12016-12-20
CVEList
CVE-2016-4552: Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 12016-12-20

📋Vendor Advisories

1
Debian
CVE-2016-4552: roundcube - Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allow...2016

💬Community

1
Bugzilla
CVE-2016-4552 roundcube: XSS vulnerability in mail content page2016-05-25
CVE-2016-4552 — Cross-site Scripting in Webmail | cvebase