Vigilance.fr - Roundcube: Cross Site Scripting via Content-Type / Content-Disposition Header, analyzed on 15/11/2023
January 2024 by Vigilance.fr
An attacker can trigger a Cross Site Scripting of Roundcube, via Content-Type / Content-Disposition Header, in order to run JavaScript code in the context of the web site.
Plus d'information sur : https://vigilance.fr/vulnerability/Roundcube-Cross-Site-Scripting-via-Content-Type-Content-Disposition-Header-42877