{"id":"CVE-2012-3508","details":"Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using \"javascript:\" in an href attribute in the body of an HTML-formatted email.","modified":"2026-04-10T03:42:25.292361Z","published":"2012-08-25T10:29:52Z","related":["openSUSE-SU-2024:10491-1"],"references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/50279"},{"type":"ADVISORY","url":"http://www.securelist.com/en/advisories/50279"},{"type":"FIX","url":"https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee"},{"type":"WEB","url":"http://sourceforge.net/news/?group_id=139281&id=309011"},{"type":"WEB","url":"http://trac.roundcube.net/ticket/1488613"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/08/20/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/08/20/9"}],"schema_version":"1.7.5"}