CVE-2015-5381

Published: 23 May 2017

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

Priority

Medium

CVSS 3 base score: 6.1

Status

| Package | Release | Status |
|---|---|---|
| roundcube | Upstream | Released (1.1.2) |
| roundcube | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (1.2~beta+dfsg.1-0ubuntu1) |
| roundcube | Ubuntu 16.04 ESM (Xenial Xerus) | Not vulnerable (1.2~beta+dfsg.1-0ubuntu1) |
| roundcube | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was not-affected) |