CVE-2012-6121
UnknownEPSS 2.05%
Last modified
CVE-2012-6121 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.. EPSS estimates a 2.05% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Roundcube | Webmail | <= 0.8.4 | — |
| Roundcube | Webmail | 0.1 | Beta |
| Roundcube | Webmail | 0.1.1 | — |
| Roundcube | Webmail | 0.2 | — |
| Roundcube | Webmail | 0.2.1 | — |
| Roundcube | Webmail | 0.2.2 | — |
| Roundcube | Webmail | 0.3 | — |
| Roundcube | Webmail | 0.3.1 | — |
| Roundcube | Webmail | 0.4 | — |
| Roundcube | Webmail | 0.4.1 | — |
| Roundcube | Webmail | 0.4.2 | — |
| Roundcube | Webmail | 0.5 | — |
| Roundcube | Webmail | 0.5.1 | — |
| Roundcube | Webmail | 0.5.2 | — |
| Roundcube | Webmail | 0.5.3 | — |
| Roundcube | Webmail | 0.5.4 | — |
| Roundcube | Webmail | 0.6 | — |
| Roundcube | Webmail | 0.7 | — |
| Roundcube | Webmail | 0.7.1 | — |
| Roundcube | Webmail | 0.7.2 | — |
| Roundcube | Webmail | 0.7.3 | — |
| Roundcube | Webmail | 0.8.0 | — |
| Roundcube | Webmail | 0.8.1 | — |
| Roundcube | Webmail | 0.8.2 | — |
| Roundcube | Webmail | 0.8.3 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-6121?
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.
How severe is CVE-2012-6121?
Severity scoring for CVE-2012-6121 is pending analysis. The EPSS model estimates a 2.05% probability of exploitation in the next 30 days.
How do I fix CVE-2012-6121?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2012-6121?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST