FreeBSD : roundcube -- XSS vulnerability (4ae68e7c-dda4-11e0-a906-00215c6a37bb)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

RoundCube development Team reports :

We just published a new release which fixes a recently reported XSS
vulnerability as an update to the stable 0.5 branch. Please update
your installations with this new version or patch them with the fix
which is also published in the downloads section or our
sourceforge.net page.

and :

During one of the pen-tests I found that the _mbox parameter is not
properly sanitized and a reflected XSS attack is possible.

See also :

http://www.nessus.org/u?876771eb

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 56168

Bugtraq ID:

CVE ID: CVE-2011-2937
