CVE-2012-4668
EPSS 3.3%
Description
Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.
How to fix CVE-2012-4668
To remediate CVE-2012-4668, upgrade the affected package to a fixed version below.
- Debian/roundcube—upgrade to 0.7.2-4 or later
Is CVE-2012-4668 being exploited?
Low — EPSS is 3.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.7.2-4