Vulnerability Details CVE-2016-4552
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00101.html
- https://github.com/roundcube/roundcubemail/issues/5240
- https://github.com/roundcube/roundcubemail/wiki/Changelog#release-120
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00101.html
- https://github.com/roundcube/roundcubemail/issues/5240
- https://github.com/roundcube/roundcubemail/wiki/Changelog#release-120