Topic: Security: XSS vulnerability in roundcubemai-0.2-stable
All users use iRedMail-0.4.0 which ships roundcubemail-0.2-stable should
apply this patch *as soon as possible*.
There's a cross-site scripting (XSS) vulnerability in RoundCube
Webmail (roundcubemail) 0.2 stable allows remote attackers to inject
arbitrary web script or HTML via the background attribute embedded
in an HTML e-mail message.
http://cve.mitre.org/cgi-bin/cvename.cg … -2009-0413
Patch attachted. Please follow the steps to apply it.
* Backup your current roundcubemail directory. e.g. copy the whole
directory to /opt/backup/.
# cp -rfp /var/www/roundcubemail-0.2-stable/ /opt/backup/
* Download the patch, upload it to your mail server. We assume
you upload it to /opt/
* Change directory and apply the patch:
# cd /var/www/roundcubemail-0.2-stable/ # patch -p1 < /opt/roundcubemail-CVE-2009-0413.patch patching file program/lib/washtml.php
- Urgent issue? Pay iRedMail developer to solve it remotely at $39.