CVE-2012-4668

Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://sourceforge.net/news/?group_id=139281&id=309011
http://trac.roundcube.net/ticket/1488613
http://www.openwall.com/lists/oss-security/2012/08/20/2
http://www.openwall.com/lists/oss-security/2012/08/20/9
https://github.com/roundcube/roundcubemail/commit/c086978f6a91eacb339fd2976202fca9dad2ef32	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:roundcube:webmail::::::::
	cpe:2.3:a:roundcube:webmail:0.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.1:alpha::::::
	cpe:2.3:a:roundcube:webmail:0.1:beta::::::
	cpe:2.3:a:roundcube:webmail:0.1:beta2::::::
	cpe:2.3:a:roundcube:webmail:0.1:rc1::::::
	cpe:2.3:a:roundcube:webmail:0.1:rc2::::::
	cpe:2.3:a:roundcube:webmail:0.1.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.2:::::::*
	cpe:2.3:a:roundcube:webmail:0.2:alpha::::::
	cpe:2.3:a:roundcube:webmail:0.2:beta::::::
	cpe:2.3:a:roundcube:webmail:0.2.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.2.2:::::::*
	cpe:2.3:a:roundcube:webmail:0.3:::::::*
	cpe:2.3:a:roundcube:webmail:0.3:beta::::::
	cpe:2.3:a:roundcube:webmail:0.3:rc1::::::
	cpe:2.3:a:roundcube:webmail:0.3.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.4:::::::*
	cpe:2.3:a:roundcube:webmail:0.4:beta::::::
	cpe:2.3:a:roundcube:webmail:0.4.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.4.2:::::::*
	cpe:2.3:a:roundcube:webmail:0.5:::::::*
	cpe:2.3:a:roundcube:webmail:0.5:beta::::::
	cpe:2.3:a:roundcube:webmail:0.5:rc::::::
	cpe:2.3:a:roundcube:webmail:0.5.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.5.2:::::::*
	cpe:2.3:a:roundcube:webmail:0.5.3:::::::*
	cpe:2.3:a:roundcube:webmail:0.5.4:::::::*
	cpe:2.3:a:roundcube:webmail:0.6:::::::*
	cpe:2.3:a:roundcube:webmail:0.7:::::::*
	cpe:2.3:a:roundcube:webmail:0.7.1:::::::*
	cpe:2.3:a:roundcube:webmail:0.7.2:::::::*
	cpe:2.3:a:roundcube:webmail:0.7.3:::::::*
	cpe:2.3:a:roundcube:webmail:0.8.0:::::::*

History

No history.

Information

Published : 2012-08-25 10:29

Updated : 2024-02-04 18:16

NVD link : CVE-2012-4668

Mitre link : CVE-2012-4668

CVE.ORG link : CVE-2012-4668

JSON object : View

Products Affected

roundcube

webmail

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10