CVE-2015-1433
EPSS 0.68%發布日:2015/2/3修改日:2026/5/29
描述
program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.
受影響套件(1)
- Debian/roundcubefrom 0, < 0.9.5+dfsg1-4.2