AVG-199

Package roundcubemail
Status Fixed
Severity Medium
Type cross-site scripting
Affected 1.2.3-1
Fixed 1.2.4-1
Current 1.3.4-1 [community]
Ticket None
Created Sun Mar 12 17:48:03 2017
Issue Severity Remote Type Description
CVE-2017-6820 Medium Yes Cross-site scripting
It has been discovered that rcube_utils.php in Roundcube before 1.1.8 and before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted...
Date Advisory Package Description
14 Mar 2017 ASA-201703-10 roundcubemail cross-site scripting
References
http://seclists.org/oss-sec/2017/q1/583
Notes
Fixed as per CVE description.