Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2011-2937
Last Modified: 03 Feb 2012 11:00:31
Published: 21 Sep 2011 12:55:03
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-2937

Summary

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

Vulnerable Systems

Application

  • Roundcube Webmail 0.1

  • Roundcube Webmail 0.1.1

  • Roundcube Webmail 0.2

  • Roundcube Webmail 0.2.1

  • Roundcube Webmail 0.3

  • Roundcube Webmail 0.3.1

  • Roundcube Webmail 0.4

  • Roundcube Webmail 0.4.1

  • Roundcube Webmail 0.4.2

  • Roundcube Webmail 0.5

  • Roundcube Webmail 0.5.1

  • Roundcube Webmail 0.5.2

  • Roundcube Webmail 0.5.3


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=731786

CONFIRM - http://trac.roundcube.net/ticket/1488030

CONFIRM - http://trac.roundcube.net/changeset/5037

BID - 49229

MLIST - [oss-security] 20110819 Re: CVE request: roundcube XSS before 0.5.4

MLIST - [oss-security] 20110818 CVE request: roundcube XSS before 0.5.4

CONFIRM - http://trac.roundcube.net/browser/tags/roundcubemail/v0.5.4/CHANGELOG

CONFIRM - http://sourceforge.net/news/?group_id=139281&id=302769

CONFIRM - http://support.apple.com/kb/HT5130

APPLE - APPLE-SA-2012-02-01-1

Related Patches

Apple 2012-02-01 Mac OS X Server 10.7.3 Update

Apple 2012-02-01 Mac OS X 10.7.3 Update

Apple 2012-02-01 Mac OS X Server 10.7.3 Combo Update

Apple 2012-02-01 Mac OS X 10.7.3 Combo Update


Last Updated: 27 May 2016 10:57:24