Launchpad.net

CVE 2013-5645

Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc.

Related bugs and status

CVE-2013-5645 (Candidate) is related to these bugs:

Bug #1256293: Please sync roundcube from Debian sid version 0.9.4-1.1 or greater

		In	Importance	Status
1256293	Please sync roundcube from Debian sid version 0.9.4-1.1 or greater	roundcube (Ubuntu)	Undecided	Fix Released
1256293	Please sync roundcube from Debian sid version 0.9.4-1.1 or greater	roundcube (Ubuntu Saucy)	Undecided	Won't Fix
1256293	Please sync roundcube from Debian sid version 0.9.4-1.1 or greater	roundcube (Ubuntu Trusty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-5645

Related bugs and status

Related bugs

References