Unrated severityNVD Advisory· Published Aug 25, 2012· Updated Apr 29, 2026

CVE-2012-3508

Description

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

Affected products

Roundcube/Webmail
cpe:2.3:a:roundcube:webmail:0.8.0:*:*:*:*:*:*:*

Patches

5ef8e4ad9d3e

https://github.com/roundcube/roundcubemailvia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59eenvdPatch
secunia.com/advisories/50279nvdVendor Advisory
sourceforge.net/news/nvd
trac.roundcube.net/ticket/1488613nvd
www.openwall.com/lists/oss-security/2012/08/20/2nvd
www.openwall.com/lists/oss-security/2012/08/20/9nvd
www.securelist.com/en/advisories/50279nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	-0.070
ransomware	0.000