CERT Polska and nullcathedral discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow an attacker to perform CSS injection attacks, or leak sensitive information.
https://security-tracker.debian.org/tracker/DSA-6137-1
Continue reading...
https://security-tracker.debian.org/tracker/DSA-6137-1
Continue reading...
