Unrated severityNVD Advisory· Published Nov 10, 2015· Updated Jun 17, 2026
CVE-2015-8105
CVE-2015-8105
Description
Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- Range: <1.0.7, 1.1.x <1.1.3
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.