CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
66.3%
RoundCube branch 0.8.x prior to the version 0.8.1 is prone
to the cross-scripting attack (XSS) originating from incoming
HTML e-mails: due to the lack of proper sanitization
of JavaScript code inside the “href” attribute, sender
could launch XSS attack when recipient opens the message
in RoundCube interface.