Vigilance.fr - Roundcube: Cross Site Scripting via Content-Type / Content-Disposition Header, analyzed on 15/11/2023
January 2024 by Vigilance.fr
An attacker can trigger a Cross Site Scripting of Roundcube, via Content-Type / Content-Disposition Header, in order to run JavaScript code in the context of the web site.