This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Secunia reports :
Some vulnerabilities have been reported in RoundCube Webmail, which
can be exploited by malicious users to compromise a vulnerable system
and by malicious people to conduct script insertion attacks and
compromise a vulnerable system.
The HTML 'background' attribute within e.g. HTML emails is not
properly sanitised before being used. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site if a malicious email is viewed.
Input passed via a vCard is not properly sanitised before being used
in a call to 'preg_replace()' with the 'e' modifier in
program/include/rcube_vcard.php. This can be exploited to inject and
execute arbitrary PHP code by e.g. tricking a user into importing a
malicious vCard file.
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 4.3