CVE-2012-4668
Roundcube Webmail <0.8.1 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Shai rod · pythonwebappsphp
https://www.exploit-db.com/exploits/20549
References (5)
Scores
EPSS
0.0506
EPSS Percentile
89.7%
Classification
CWE
CWE-79
Status
published
Affected Products (35)
roundcube/webmail
roundcube/webmail
< 0.8.1
roundcube/webmail
roundcube/webmail
roundcube/webmail
roundcube/webmail
roundcube/webmail
roundcube/webmail
roundcube/webmail
roundcube/webmail
roundcube/webmail
roundcube/webmail
roundcube/webmail
roundcube/webmail
roundcube/webmail
... and 20 more
Timeline
Published
Aug 25, 2012
Tracked Since
Feb 18, 2026