VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Feb 24, 2013· Updated Apr 29, 2026

CVE-2012-6121

CVE-2012-6121

Description

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.

Affected products

38
  • Roundcube/Webmail38 versions
    cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*+ 37 more
    • cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*range: <=0.8.4
    • cpe:2.3:a:roundcube:webmail:0.1:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:beta2:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:rc2:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1:stable:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2:alpha:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2:stable:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.3:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.3:rc1:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.3:stable:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.4:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5:beta:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5:rc:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:roundcube:webmail:0.8.3:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.