Your submission was sent successfully! Close

CVE-2015-1433

Published: 03 February 2015

program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.

Priority

Medium

Status

Package Release Status
roundcube
Launchpad, Ubuntu, Debian
Upstream
Released (0.9.5+dfsg1-4.2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.3.6+dfsg.1-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(0.9.5+dfsg1-4.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)