Description
Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Shai rod · pythonwebappsphp
https://www.exploit-db.com/exploits/20549
References (5)
Core 5
Core References
Various Sources x_refsource_confirm
http://trac.roundcube.net/ticket/1488613
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/08/20/9
Patch x_refsource_confirm
https://github.com/roundcube/roundcubemail/commit/c086978f6a91eacb339fd2976202fca9dad2ef32
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/08/20/2
Product x_refsource_confirm
http://sourceforge.net/news/?group_id=139281&id=309011
Scores
EPSS
0.0334
EPSS Percentile
87.4%
Details
CWE
CWE-79
Status
published
Products (22)
roundcube/webmail
0.1 (6 CPE variants)
roundcube/webmail
0.1.1
roundcube/webmail
0.2 (3 CPE variants)
roundcube/webmail
0.2.1
roundcube/webmail
0.2.2
roundcube/webmail
0.3 (3 CPE variants)
roundcube/webmail
0.3.1
roundcube/webmail
0.4 (2 CPE variants)
roundcube/webmail
0.4.1
roundcube/webmail
0.4.2
... and 12 more
Published
Aug 25, 2012
Tracked Since
Feb 18, 2026