Candidate: CVE-2011-2937
PublicDate: 2011-09-21 16:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2937
 http://www.openwall.com/lists/oss-security/2011/08/19/15
Description:
 Cross-site scripting (XSS) vulnerability in the UI messages functionality
 in Roundcube Webmail before 0.5.4 allows remote attackers to inject
 arbitrary web script or HTML via the _mbox parameter to the default URI.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_roundcube:
upstream_roundcube: released (0.5.4)
hardy_roundcube: ignored (reached end-of-life)
lucid_roundcube: ignored (reached end-of-life)
maverick_roundcube: ignored (reached end-of-life)
natty_roundcube: ignored (reached end-of-life)
oneiric_roundcube: released (0.5.4+dfsg-1)
precise_roundcube: released (0.5.4+dfsg-1)
quantal_roundcube: released (0.5.4+dfsg-1)
raring_roundcube: released (0.5.4+dfsg-1)
saucy_roundcube: released (0.5.4+dfsg-1)
devel_roundcube: released (0.5.4+dfsg-1)