VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Aug 25, 2012· Updated Apr 29, 2026

CVE-2012-4668

CVE-2012-4668

Description

Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.

Affected products

34
  • Roundcube/Webmail34 versions
    cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*+ 33 more
    • cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*range: <=0.8.1
    • cpe:2.3:a:roundcube:webmail:0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:alpha:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:beta2:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:rc2:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2:alpha:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.3:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.3:rc1:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.4:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5:rc:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.8.0:*:*:*:*:*:*:*

Patches

1
c086978f6a91
https://github.com/roundcube/roundcubemailvia nvd-ref
commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

News mentions

0

No linked articles in our index yet.