An XSS flaw was reported [1] in roundcube's message handling functionality. It has been fixed [2] upstream in r5037.

[1] http://trac.roundcube.net/ticket/1488030
[2] http://trac.roundcube.net/changeset/5037

Created roundcubemail tracking bugs for this issue

Affects: fedora-all [bug 731787]
Affects: epel-6 [bug 731788]

This was assigned the name CVE-2011-2937 and is addressed in 0.5.4: http://sourceforge.net/news/?group_id=139281&id=302769