[Pkg-roundcube-maintainers] Bug#514179: CVE-2009-0413: possible XSS issue
steffen.joeris at skolelinux.de
Wed Feb 4 23:13:05 UTC 2009
the following CVE (Common Vulnerabilities & Exposures) id was
published for roundcube.
| Cross-site scripting (XSS) vulnerability in RoundCube Webmail
| (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary
| web script or HTML via the background attribute embedded in an HTML
| e-mail message.
This bugreport concerns the experimental version. The other versions
don't seem to be affected after a quick glance. The published upstream
patch is here.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
More information about the Pkg-roundcube-maintainers