NuytsTech Security

CVE-2015-5381

by ·

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

Date published : 2017-05-22

http://trac.roundcube.net/ticket/1490417

https://github.com/roundcube/roundcubemail/commit/b782815dacda55eee6793249b5da1789256206fc

Tags: