CVE-2015-8105
Published: 10 November 2015
Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.
Priority
Status
Package | Release | Status |
---|---|---|
roundcube Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(1.1.3+dfsg.1-1)
|
bionic |
Not vulnerable
(1.3.6+dfsg.1-1)
|
|
cosmic |
Not vulnerable
(1.3.6+dfsg.1-1)
|
|
disco |
Not vulnerable
(1.3.6+dfsg.1-1)
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Released
(1.1.3, 1.0.7)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(1.1.3+dfsg.1-1)
|
|
yakkety |
Not vulnerable
(1.1.3+dfsg.1-1)
|
|
zesty |
Not vulnerable
(1.1.3+dfsg.1-1)
|