Vulnerability Database

296,147

Total vulnerabilities in the database

CVE-2012-3507

Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.

  • Published: Aug 25, 2012
  • Updated: Apr 13, 2023
  • CVE: CVE-2012-3507
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 2.6
  • AV:N/AC:H/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
roundcube / webmail 0.5.2 0.5.2.x
roundcube / webmail 0.5.4 0.5.4.x
roundcube / webmail 0.1-rc1 0.1-rc1.x
roundcube / webmail 0.1-20050820 0.1-20050820.x
roundcube / webmail 0.1-20051007 0.1-20051007.x
roundcube / webmail 0.4 0.4.x
roundcube / webmail 0.1 0.1.x
roundcube / webmail 0.1-beta2 0.1-beta2.x
roundcube / webmail 0.1-beta 0.1-beta.x
roundcube / webmail 0.1-20050811 0.1-20050811.x
roundcube / webmail 0.3-rc1 0.3-rc1.x
roundcube / webmail 0.5-rc 0.5-rc.x
roundcube / webmail 0.2-stable 0.2-stable.x
roundcube / webmail 0.2-alpha 0.2-alpha.x
roundcube / webmail 0.1-rc2 0.1-rc2.x
roundcube / webmail 0.3-beta 0.3-beta.x
roundcube / webmail 0.1-stable 0.1-stable.x
roundcube / webmail 0.7 0.7.x
roundcube / webmail 0.5-beta 0.5-beta.x
roundcube / webmail 0.4.2 0.4.2.x
roundcube / webmail 0.1-20051021 0.1-20051021.x
roundcube / webmail 0.5.1 0.5.1.x
roundcube / webmail 0.7.2 0.7.2.x
roundcube / webmail 0.6 0.6.x
roundcube / webmail 0.2.2 0.2.2.x
roundcube / webmail 0.3 0.3.x
roundcube / webmail 0.1.1 0.1.1.x
roundcube / webmail 0.4-beta 0.4-beta.x
roundcube / webmail 0.1-alpha 0.1-alpha.x
roundcube / webmail 0.4.1 0.4.1.x
roundcube / webmail 0.7.1 0.7.1.x
roundcube / webmail 0.2 0.2.x
roundcube / webmail 0.5.3 0.5.3.x
roundcube / webmail 0.2-beta 0.2-beta.x
roundcube / webmail 0.3.1 0.3.1.x
roundcube / webmail 0.5 0.5.x
roundcube / webmail 0.2.1 0.2.1.x
roundcube / webmail 0.3-stable 0.3-stable.x
roundcube / webmail - 0.7.3.x