Advisories ยป MGASA-2017-0092

Updated roundcubemail package fixes security vulnerability

Publication date: 27 Mar 2017
Modification date: 27 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-6820

Description

rcube_utils.php in Roundcube before 1.1.8 and before 1.2.4 is
susceptible to a cross-site scripting vulnerability via a crafted
Cascading Style Sheets (CSS) token sequence within an SVG element
(CVE-2017-6820).
                

References

SRPMS

5/core