Bug 1016744 (CVE-2016-4552) - VUL-0: CVE-2016-4552: roundcubemail: Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers t...
Summary: VUL-0: CVE-2016-4552: roundcubemail: Cross-site scripting (XSS) vulnerability...
Status: RESOLVED DUPLICATE of bug 982003
Alias: CVE-2016-4552
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium; Severity: Normal
Target Milestone: ---
Assignee: Aeneas Jaißle
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/177992/
Reported: 2016-12-21 15:46 UTC by Marcus Meissner
Modified: 2016-12-23 11:35 UTC
Found By: Security Response Team


Description Marcus Meissner 2016-12-21 15:46:30 UTC
CVE-2016-4552

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0
allows remote attackers to inject arbitrary web script or HTML via the href
attribute in an area tag in an e-mail message.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4552
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4552.html
https://github.com/roundcube/roundcubemail/wiki/Changelog#release-120
https://github.com/roundcube/roundcubemail/issues/5240
Comment 1 Marcus Meissner 2016-12-21 16:29:16 UTC
we have newer versions released.
Comment 2 Marcus Meissner 2016-12-21 16:30:07 UTC
mistaken close ... openSUSE still has older versions
Comment 3 Swamp Workflow Management 2016-12-21 23:01:04 UTC
bugbot adjusting priority
Comment 4 Aeneas Jaißle 2016-12-23 11:35:49 UTC
CVE-2016-5103 was marked as a duplicate of CVE-2016-4552

*** This bug has been marked as a duplicate of bug 982003 ***