CVE-2015-8105
EPSS 0.18%Published: 11/10/2015Modified: 5/29/2026
Also known as:DEBIAN-CVE-2015-8105
Description
Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.
Affected packages (1)
- Debian/roundcubefrom 0, < 1.1.3+dfsg.1-1