<![CDATA[iRedMail — Security: XSS vulnerability in roundcubemai-0.2-stable]]> https://forum.iredmail.org/topic4-security-xss-vulnerability-in-roundcubemai02stable.html Wed, 20 May 2009 16:39:06 +0000 PunBB <![CDATA[Re: Security: XSS vulnerability in roundcubemai-0.2-stable]]> https://forum.iredmail.org/post122.html#p122 Successfully applied.

]]> Wed, 20 May 2009 16:39:06 +0000 https://forum.iredmail.org/post122.html#p122 <![CDATA[Re: Security: XSS vulnerability in roundcubemai-0.2-stable]]> https://forum.iredmail.org/post29.html#p29 Thank you.

]]> Thu, 07 May 2009 14:15:35 +0000 https://forum.iredmail.org/post29.html#p29 <![CDATA[Security: XSS vulnerability in roundcubemai-0.2-stable]]> https://forum.iredmail.org/post6.html#p6 Hi, all.

All users use iRedMail-0.4.0 which ships roundcubemail-0.2-stable should
apply this patch *as soon as possible*.

Description:

   There's a cross-site scripting (XSS) vulnerability in RoundCube
   Webmail (roundcubemail) 0.2 stable allows remote attackers to inject
   arbitrary web script or HTML via the background attribute embedded
   in an HTML e-mail message.

Reference:

   * CVE-2009-0413
     http://cve.mitre.org/cgi-bin/cvename.cg … -2009-0413

Patch attachted. Please follow the steps to apply it.

   * Backup your current roundcubemail directory. e.g. copy the whole
     directory to /opt/backup/.

# cp -rfp /var/www/roundcubemail-0.2-stable/ /opt/backup/

   * Download the patch, upload it to your mail server. We assume
     you upload it to /opt/

   * Change directory and apply the patch:

# cd /var/www/roundcubemail-0.2-stable/
# patch -p1 < /opt/roundcubemail-CVE-2009-0413.patch
patching file program/lib/washtml.php
]]> Wed, 06 May 2009 10:27:35 +0000 https://forum.iredmail.org/post6.html#p6