Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3508

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3508
Last Modified 29 Aug 2012 12:00:00
Published 25 Aug 2012 06:29:52
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3508

Summary

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

Vulnerable Systems

Application

  • Roundcube Webmail 0.8.0


References

CONFIRM - https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee

MISC - http://www.securelist.com/en/advisories/50279

MLIST - [oss-security] 20120820 Re: CVE-request: Roundcube XSS issues

MLIST - [oss-security] 20120820 CVE-request: Roundcube XSS issues

CONFIRM - http://trac.roundcube.net/ticket/1488613

CONFIRM - http://sourceforge.net/news/?group_id=139281&id=309011

SECUNIA - 50279


Last Updated: 27 May 2016 11:00:20