CVE-2012-3508

EPSS 8.1%

Published: 8/25/2012Modified: 5/29/2026

Also known as:DEBIAN-CVE-2012-3508

Description

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

Affected packages (1)

Debian/roundcubefrom 0, < 0.7.2-4

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-3508