Bug 828556 - (CVE-2012-1253) CVE-2012-1253 roundcubemail: XSS flaw fixed in 0.7
CVE-2012-1253 roundcubemail: XSS flaw fixed in 0.7
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 828557 828558
  Show dependency treegraph
Reported: 2012-06-04 17:43 EDT by Vincent Danen
Modified: 2016-03-04 05:47 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-06-26 15:26:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2012-06-04 17:43:11 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-1253 to
the following vulnerability:

Name: CVE-2012-1253
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1253
Assigned: 20120221
Reference: http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.7/
Reference: JVN:JVN#21422837
Reference: http://jvn.jp/en/jp/JVN21422837/index.html
Reference: JVNDB:JVNDB-2012-000050
Reference: http://jvndb.jvn.jp/jvndb/JVNDB-2012-000050

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before
0.7, when Internet Explorer is used, allows remote attackers to inject
arbitrary web script or HTML via vectors involving an embedded image
Comment 1 Vincent Danen 2012-06-04 17:44:19 EDT
Created roundcubemail tracking bugs for this issue

Affects: epel-all [bug 828557]
Affects: fedora-16 [bug 828558]

Note You need to log in before you can comment on or make changes to this bug.