Cross-Site Scripting in roundcubemail
ID: | FEDORA-2013-15221 |
Distribution: | Fedora |
Platforms: | Fedora 19 |
Date: | Thu, 29 August 2013, 11:34 |
References: | http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3 |
Applications: | RoundCube Webmail |
Original message |
|
Name        : roundcubemail
Product     : Fedora 19
Version     : 0.9.3
Release     : 2.fc19
URL         : http://www.roundcube.net
Summary     : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client with an
application-like user interface. It provides full functionality you expect
from an e-mail client, including MIME support, address book, folder
manipulation, message searching and spell checking. RoundCube Webmail is
written in PHP and requires a database: MySQL, PostgreSQL and SQLite are
known to work. The user interface is fully skinnable using XHTML and CSS 2.

--------------------------------------------------------------------------------
Update Information:

Two XSS flaws were fixed in roundcube 0.9.3 [1]:

* Fix XSS vulnerability when saving HTML signatures [2],[3]
* Fix XSS vulnerability when editing a message "as new" or draft [2],[4]

[1] http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3
[2] http://trac.roundcube.net/ticket/1489251
[3] http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github
[4] http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 23 2013 Adam Williamson |