CVE-2015-8105

EPSS 0.18%

發布日:2015/11/10修改日:2026/5/29

描述

Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.

受影響套件(1)

Debian/roundcubefrom 0, < 1.1.3+dfsg.1-1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-8105