NVD Vulnerability Details: CVE-2011-2937
Status: Deferred
Source: secalert@redhat.com
Published At: 21 Sep, 2011 | 16:55
Updated At: 11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

CISA Catalog
Date Added | Due Date | Vulnerability Name | Required Action
N/A

Metrics
Type | Version | Base score | Base severity | Vector
Primary | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches
Vendor | Product | Version | CPE
Roundcube Webmail Project (roundcube) | webmail | Versions up to 0.5.3 (inclusive) | cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:*:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:alpha:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:beta:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:beta2:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:rc1:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:rc2:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.1.1 | cpe:2.3:a:roundcube:webmail:0.1.1:*:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.2 | cpe:2.3:a:roundcube:webmail:0.2:*:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.2 | cpe:2.3:a:roundcube:webmail:0.2:alpha:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.2 | cpe:2.3:a:roundcube:webmail:0.2:beta:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.2.1 | cpe:2.3:a:roundcube:webmail:0.2.1:*:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.3 | cpe:2.3:a:roundcube:webmail:0.3:*:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.3 | cpe:2.3:a:roundcube:webmail:0.3:beta:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.3 | cpe:2.3:a:roundcube:webmail:0.3:rc1:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.3.1 | cpe:2.3:a:roundcube:webmail:0.3.1:*:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.4 | cpe:2.3:a:roundcube:webmail:0.4:*:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.4 | cpe:2.3:a:roundcube:webmail:0.4:beta:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.4.1 | cpe:2.3:a:roundcube:webmail:0.4.1:*:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.4.2 | cpe:2.3:a:roundcube:webmail:0.4.2:*:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.5 | cpe:2.3:a:roundcube:webmail:0.5:*:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.5 | cpe:2.3:a:roundcube:webmail:0.5:beta:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.5 | cpe:2.3:a:roundcube:webmail:0.5:rc:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.5.1 | cpe:2.3:a:roundcube:webmail:0.5.1:*:*:*:*:*:*:*
Roundcube Webmail Project (roundcube) | webmail | 0.5.2 | cpe:2.3:a:roundcube:webmail:0.5.2:*:*:*:*:*:*:*

Weaknesses
CWE ID | Type | Source
CWE-79 | Primary | nvd@nist.gov

References
Hyperlink | Source | Resource
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html | secalert@redhat.com | N/A
http://sourceforge.net/news/?group_id=139281&id=302769 | secalert@redhat.com | N/A
http://support.apple.com/kb/HT5130 | secalert@redhat.com | N/A
http://trac.roundcube.net/browser/tags/roundcubemail/v0.5.4/CHANGELOG | secalert@redhat.com | N/A
http://trac.roundcube.net/changeset/5037 | secalert@redhat.com | Patch
http://trac.roundcube.net/ticket/1488030 | secalert@redhat.com | Exploit, Patch
http://www.openwall.com/lists/oss-security/2011/08/18/5 | secalert@redhat.com | N/A
http://www.openwall.com/lists/oss-security/2011/08/19/15 | secalert@redhat.com | N/A
http://www.securityfocus.com/bid/49229 | secalert@redhat.com | N/A
https://bugzilla.redhat.com/show_bug.cgi?id=731786 | secalert@redhat.com | Exploit, Patch
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html | af854a3a-2127-422b-91ae-364da2661108 | N/A
http://sourceforge.net/news/?group_id=139281&id=302769 | af854a3a-2127-422b-91ae-364da2661108 | N/A
http://support.apple.com/kb/HT5130 | af854a3a-2127-422b-91ae-364da2661108 | N/A
http://trac.roundcube.net/browser/tags/roundcubemail/v0.5.4/CHANGELOG | af854a3a-2127-422b-91ae-364da2661108 | N/A
http://trac.roundcube.net/changeset/5037 | af854a3a-2127-422b-91ae-364da2661108 | Patch
http://trac.roundcube.net/ticket/1488030 | af854a3a-2127-422b-91ae-364da2661108 | Exploit, Patch
http://www.openwall.com/lists/oss-security/2011/08/18/5 | af854a3a-2127-422b-91ae-364da2661108 | N/A
http://www.openwall.com/lists/oss-security/2011/08/19/15 | af854a3a-2127-422b-91ae-364da2661108 | N/A
http://www.securityfocus.com/bid/49229 | af854a3a-2127-422b-91ae-364da2661108 | N/A
https://bugzilla.redhat.com/show_bug.cgi?id=731786 | af854a3a-2127-422b-91ae-364da2661108 | Exploit, Patch