| Summary: | <mail-client/roundcube-1.0.5: XSS (CVE-2015-1433) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | web-apps |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://trac.roundcube.net/wiki/Changelog#RELEASE1.0.5 | | |
| Whiteboard: | B4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2015-01-31 14:25:03 UTC
Setting Dependency on Bug #534766 for cleanup

No GLSA for Cross Site Scripting.

CVE-2015-1433 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1433): program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.

Maintainer(s), Thank you for cleanup! Closing noglsa.