Summary: | <mail-client/roundcube-0.8.5: Cross-site scripting (XSS) in vbscript: and data:text URL handling (CVE-2012-6121) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=909289 | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-02-10 15:12:46 UTC
CVE-2012-6121 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6121):

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.

This was fixed in 0.8.5 which was added to the tree a while before this was opened.

Arches, please stabilize:
=mail-client/roundcube-0.8.5

arm stable

ppc stable

amd64 stable

x86 stable

Closing noglsa for XSS issue.