CVE-2009-0413

Description

Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.

How to fix CVE-2009-0413

To remediate CVE-2009-0413, upgrade the affected package to a fixed version below.

• Debian/roundcube—upgrade to 0.2~stable-1 or later

Is CVE-2009-0413 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.2~stable-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-0413