Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-0413

Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.

Related bugs and status

CVE-2009-0413 (Candidate) is related to these bugs:

Bug #315193: new roundcube stable release (0.2)

Summary				In	Importance	Status
	315193	new roundcube stable release (0.2)		roundcube (Ubuntu)	Undecided	Fix Released
	315193	new roundcube stable release (0.2)		roundcube (Debian)	Unknown	Fix Released

Bug #345263: Sync php-mdb2 2.4.1-1 (universe) from Debian unstable (main).

Summary				In	Importance	Status
	345263	Sync php-mdb2 2.4.1-1 (universe) from Debian unstable (main).		Ubuntu	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://trac.roundcube....
BID: 33372
SECUNIA: 33622
FEDORA: FEDORA-2009-1256
SECUNIA: 33827
VUPEN: ADV-2009-0192
XF: roundcube-html-xss(48129)