CVE-2013-5645
Published: 29 August 2013
Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc.
Priority
Status
Package | Release | Status |
---|---|---|
roundcube (Launchpad, Ubuntu, Debian) | lucid | Ignored (end of life) |
roundcube | precise | Ignored (end of life) |
roundcube | quantal | Ignored (end of life) |
roundcube | raring | Ignored (end of life) |
roundcube | saucy | Ignored (end of life) |
roundcube | trusty | Does not exist (trusty was not-affected [0.9.5-2]) |
roundcube | upstream | Released (0.9.3) |
roundcube | utopic | Not vulnerable (0.9.5-2) |
roundcube | vivid | Not vulnerable (0.9.5-2) |
roundcube | wily | Not vulnerable (0.9.5-2) |
roundcube | xenial | Not vulnerable (0.9.5-2) |
roundcube | yakkety | Not vulnerable (0.9.5-2) |
roundcube | zesty | Not vulnerable (0.9.5-2) |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5645
- http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github
- http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github
- http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3
- http://trac.roundcube.net/ticket/1489251
- NVD
- Launchpad
- Debian