Debian: DSA-5572-1: roundcube security update
Dec04
on December 4, 2023
at 9:42 am
Posted In: Uncategorized
Rene Rehme discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly set headers when handling attachments. This would allow an attacker to load arbitrary JavaScript code.