257956 – (CVE-2009-0413) <=mail-client/roundcube-0.2 XSS vulnerability (CVE-2009-0413)

Bug 257956 (CVE-2009-0413) - <=mail-client/roundcube-0.2 XSS vulnerability (CVE-2009-0413)

Summary: <=mail-client/roundcube-0.2 XSS vulnerability (CVE-2009-0413)

Status:	RESOLVED FIXED

Alias:	CVE-2009-0413

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://trac.roundcube.net/changeset/2245
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2009-02-06 22:00 UTC by Stefan Behte (RETIRED)
Modified:	2010-04-30 17:29 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2009-02-06 22:00:36 UTC

CVE-2009-0413 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0413):
  Cross-site scripting (XSS) vulnerability in RoundCube Webmail
  (roundcubemail) 0.2 stable allows remote attackers to inject
  arbitrary web script or HTML via the background attribute embedded in
  an HTML e-mail message.

Comment 1 tanstaafl@libertytrek.org 2009-03-11 11:45:08 UTC

0.2.1 has been released with a LOT of bug fixes...

version bump? :)

http://sourceforge.net/forum/forum.php?forum_id=927958

Comment 2 Stefan Behte (RETIRED) gentoo-dev

2009-04-23 17:15:41 UTC

Thanks, closing noglsa as it does not have a stable version (wrong whiteboard...).