Roundcube Webmail Background Attributes Email Message HTML Injection Vulnerability

Roundcube Webmail is prone to an HTML-injection vulnerability because the application fails to sufficiently sanitize user-supplied input before using it in dynamically generated content.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Roundcube Webmail 0.2-stable is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus