Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-qfyq-umv5-e7h1

Summary Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

Aliases

alias	CVE-2012-3508

Fixed_packages

url	pkg:deb/debian/roundcube@0.7.2-4?distro=trixie
purl	pkg:deb/debian/roundcube@0.7.2-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@0.7.2-4%3Fdistro=trixie

url pkg:deb/debian/roundcube@0.7.2-9%2Bdeb7u2

purl pkg:deb/debian/roundcube@0.7.2-9%2Bdeb7u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14vp-t71a-4bh1

vulnerability	VCID-23v8-vzqs-j3f6

vulnerability	VCID-2eyy-k49d-m3af

vulnerability	VCID-2hap-9mqs-v3b8

vulnerability	VCID-2k4q-26tk-j3gx

vulnerability	VCID-2nb2-9vgp-tqg9

vulnerability	VCID-36et-26h7-pke7

vulnerability	VCID-3kyu-tx4q-p3aq

vulnerability	VCID-489e-j7sj-5kgv

vulnerability	VCID-4yzj-hrqv-vbcp

vulnerability	VCID-5yts-xnha-4bf3

vulnerability	VCID-76t7-q4pa-gkct

vulnerability	VCID-79me-pjdn-ykgq

vulnerability	VCID-7nn6-aywu-z7g8

vulnerability	VCID-8vmm-1hvf-17ap

vulnerability	VCID-8xf2-hjfv-hybh

vulnerability	VCID-9der-5csu-nbbq

vulnerability	VCID-9ktu-55q4-3kau

vulnerability	VCID-9uqr-ph81-gfef

vulnerability	VCID-9uv1-gqq7-3kc9

vulnerability	VCID-brmp-djyb-q3b7

vulnerability	VCID-c4ys-1wzp-vqej

vulnerability	VCID-cjkd-2jr6-n7as

vulnerability	VCID-ck88-1urs-2kes

vulnerability	VCID-cnkc-vcp7-6kcw

vulnerability	VCID-ddfq-28qm-2fbn

vulnerability	VCID-dzu5-531f-qqgy

vulnerability	VCID-ekhg-mmjb-v3c3

vulnerability	VCID-fuh5-bwaq-yyfk

vulnerability	VCID-g7dn-kxs3-p7bx

vulnerability	VCID-gh6k-19h8-fqbf

vulnerability	VCID-hg1a-vx5c-hue3

vulnerability	VCID-j29t-cw2h-mfd8

vulnerability	VCID-ja7n-zgpp-dfh4

vulnerability	VCID-jck5-xymf-s3bh

vulnerability	VCID-jqs5-8ct7-wfgk

vulnerability	VCID-kf54-x29g-63fb

vulnerability	VCID-kyxz-v3sj-w3cw

vulnerability	VCID-m4yc-ms54-zyhv

vulnerability	VCID-ncbg-6m11-3qan

vulnerability	VCID-qr2m-f4yw-qqa5

vulnerability	VCID-qwak-6wgy-wfgs

vulnerability	VCID-r1hb-f5nm-ykhk

vulnerability	VCID-rc91-j3kf-zfch

vulnerability	VCID-rthq-fqk2-yydk

vulnerability	VCID-s6p1-rf35-euhy

vulnerability	VCID-spk8-q616-rkda

vulnerability	VCID-tmch-gj6d-tyfq

vulnerability	VCID-ts1p-pw9v-cbh3

vulnerability	VCID-u8a4-4pe2-9kcb

vulnerability	VCID-ub6x-9dku-c7fk

vulnerability	VCID-ur1a-7tdn-h3hu

vulnerability	VCID-vehj-ytsm-kqgz

vulnerability	VCID-vtz8-zmp4-xbdh

vulnerability	VCID-x9j7-98zt-6ygt

vulnerability	VCID-xssa-fwbx-kybq

vulnerability	VCID-ybv7-hqmj-nbgr

vulnerability	VCID-yerh-ssat-abah

vulnerability	VCID-yv5x-shsw-57cv

vulnerability	VCID-z3kp-p8ch-myhz

vulnerability	VCID-z7fn-ubfx-g3em

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@0.7.2-9%252Bdeb7u2

url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie

purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rdb5-bbvn-7fcq

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4%3Fdistro=trixie

url	pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
purl	pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6%3Fdistro=trixie

url	pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/roundcube@0.3.1-6

purl pkg:deb/debian/roundcube@0.3.1-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14vp-t71a-4bh1

vulnerability	VCID-1aph-76b1-eyhv

vulnerability	VCID-23v8-vzqs-j3f6

vulnerability	VCID-2eyy-k49d-m3af

vulnerability	VCID-2hap-9mqs-v3b8

vulnerability	VCID-2k4q-26tk-j3gx

vulnerability	VCID-2nb2-9vgp-tqg9

vulnerability	VCID-36et-26h7-pke7

vulnerability	VCID-3kyu-tx4q-p3aq

vulnerability	VCID-489e-j7sj-5kgv

vulnerability	VCID-4yzj-hrqv-vbcp

vulnerability	VCID-53mq-nmxf-eug3

vulnerability	VCID-5yts-xnha-4bf3

vulnerability	VCID-76t7-q4pa-gkct

vulnerability	VCID-79me-pjdn-ykgq

vulnerability	VCID-7hh1-8grz-7fa9

vulnerability	VCID-7nn6-aywu-z7g8

vulnerability	VCID-8keg-wbj1-8ua9

vulnerability	VCID-8vmm-1hvf-17ap

vulnerability	VCID-8xf2-hjfv-hybh

vulnerability	VCID-9der-5csu-nbbq

vulnerability	VCID-9ktu-55q4-3kau

vulnerability	VCID-9uqr-ph81-gfef

vulnerability	VCID-9uv1-gqq7-3kc9

vulnerability	VCID-brmp-djyb-q3b7

vulnerability	VCID-c196-941x-8kfj

vulnerability	VCID-c4ys-1wzp-vqej

vulnerability	VCID-cjkd-2jr6-n7as

vulnerability	VCID-ck88-1urs-2kes

vulnerability	VCID-cnkc-vcp7-6kcw

vulnerability	VCID-ddfq-28qm-2fbn

vulnerability	VCID-dzu5-531f-qqgy

vulnerability	VCID-ekhg-mmjb-v3c3

vulnerability	VCID-fuh5-bwaq-yyfk

vulnerability	VCID-g7dn-kxs3-p7bx

vulnerability	VCID-gh6k-19h8-fqbf

vulnerability	VCID-hg1a-vx5c-hue3

vulnerability	VCID-j29t-cw2h-mfd8

vulnerability	VCID-ja7n-zgpp-dfh4

vulnerability	VCID-jck5-xymf-s3bh

vulnerability	VCID-jqs5-8ct7-wfgk

vulnerability	VCID-kch8-wrzv-bfdm

vulnerability	VCID-kep3-256k-fqdm

vulnerability	VCID-kf54-x29g-63fb

vulnerability	VCID-kyxz-v3sj-w3cw

vulnerability	VCID-m4yc-ms54-zyhv

vulnerability	VCID-ncbg-6m11-3qan

vulnerability	VCID-qfyq-umv5-e7h1

vulnerability	VCID-qr2m-f4yw-qqa5

vulnerability	VCID-qwak-6wgy-wfgs

vulnerability	VCID-r1hb-f5nm-ykhk

vulnerability	VCID-rc91-j3kf-zfch

vulnerability	VCID-rthq-fqk2-yydk

vulnerability	VCID-s6p1-rf35-euhy

vulnerability	VCID-spk8-q616-rkda

vulnerability	VCID-tmch-gj6d-tyfq

vulnerability	VCID-ts1p-pw9v-cbh3

vulnerability	VCID-u8a4-4pe2-9kcb

vulnerability	VCID-ub6x-9dku-c7fk

vulnerability	VCID-ur1a-7tdn-h3hu

vulnerability	VCID-vehj-ytsm-kqgz

vulnerability	VCID-vtz8-zmp4-xbdh

vulnerability	VCID-x9j7-98zt-6ygt

vulnerability	VCID-xssa-fwbx-kybq

vulnerability	VCID-ybv7-hqmj-nbgr

vulnerability	VCID-yerh-ssat-abah

vulnerability	VCID-yv5x-shsw-57cv

vulnerability	VCID-z3kp-p8ch-myhz

vulnerability	VCID-z7fn-ubfx-g3em

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@0.3.1-6

url pkg:deb/debian/roundcube@0.3.1-6%2Bdeb6u1

purl pkg:deb/debian/roundcube@0.3.1-6%2Bdeb6u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14vp-t71a-4bh1

vulnerability	VCID-1aph-76b1-eyhv

vulnerability	VCID-23v8-vzqs-j3f6

vulnerability	VCID-2eyy-k49d-m3af

vulnerability	VCID-2hap-9mqs-v3b8

vulnerability	VCID-2k4q-26tk-j3gx

vulnerability	VCID-2nb2-9vgp-tqg9

vulnerability	VCID-36et-26h7-pke7

vulnerability	VCID-3kyu-tx4q-p3aq

vulnerability	VCID-489e-j7sj-5kgv

vulnerability	VCID-4yzj-hrqv-vbcp

vulnerability	VCID-53mq-nmxf-eug3

vulnerability	VCID-5yts-xnha-4bf3

vulnerability	VCID-76t7-q4pa-gkct

vulnerability	VCID-79me-pjdn-ykgq

vulnerability	VCID-7hh1-8grz-7fa9

vulnerability	VCID-7nn6-aywu-z7g8

vulnerability	VCID-8keg-wbj1-8ua9

vulnerability	VCID-8vmm-1hvf-17ap

vulnerability	VCID-8xf2-hjfv-hybh

vulnerability	VCID-9der-5csu-nbbq

vulnerability	VCID-9ktu-55q4-3kau

vulnerability	VCID-9uqr-ph81-gfef

vulnerability	VCID-9uv1-gqq7-3kc9

vulnerability	VCID-brmp-djyb-q3b7

vulnerability	VCID-c196-941x-8kfj

vulnerability	VCID-c4ys-1wzp-vqej

vulnerability	VCID-cjkd-2jr6-n7as

vulnerability	VCID-ck88-1urs-2kes

vulnerability	VCID-cnkc-vcp7-6kcw

vulnerability	VCID-ddfq-28qm-2fbn

vulnerability	VCID-dzu5-531f-qqgy

vulnerability	VCID-ekhg-mmjb-v3c3

vulnerability	VCID-fuh5-bwaq-yyfk

vulnerability	VCID-g7dn-kxs3-p7bx

vulnerability	VCID-gh6k-19h8-fqbf

vulnerability	VCID-hg1a-vx5c-hue3

vulnerability	VCID-j29t-cw2h-mfd8

vulnerability	VCID-ja7n-zgpp-dfh4

vulnerability	VCID-jck5-xymf-s3bh

vulnerability	VCID-jqs5-8ct7-wfgk

vulnerability	VCID-kch8-wrzv-bfdm

vulnerability	VCID-kep3-256k-fqdm

vulnerability	VCID-kf54-x29g-63fb

vulnerability	VCID-kyxz-v3sj-w3cw

vulnerability	VCID-m4yc-ms54-zyhv

vulnerability	VCID-ncbg-6m11-3qan

vulnerability	VCID-qfyq-umv5-e7h1

vulnerability	VCID-qr2m-f4yw-qqa5

vulnerability	VCID-qwak-6wgy-wfgs

vulnerability	VCID-r1hb-f5nm-ykhk

vulnerability	VCID-rc91-j3kf-zfch

vulnerability	VCID-rthq-fqk2-yydk

vulnerability	VCID-s6p1-rf35-euhy

vulnerability	VCID-spk8-q616-rkda

vulnerability	VCID-tmch-gj6d-tyfq

vulnerability	VCID-ts1p-pw9v-cbh3

vulnerability	VCID-u8a4-4pe2-9kcb

vulnerability	VCID-ub6x-9dku-c7fk

vulnerability	VCID-ur1a-7tdn-h3hu

vulnerability	VCID-vehj-ytsm-kqgz

vulnerability	VCID-vtz8-zmp4-xbdh

vulnerability	VCID-x9j7-98zt-6ygt

vulnerability	VCID-xssa-fwbx-kybq

vulnerability	VCID-ybv7-hqmj-nbgr

vulnerability	VCID-yerh-ssat-abah

vulnerability	VCID-yv5x-shsw-57cv

vulnerability	VCID-z3kp-p8ch-myhz

vulnerability	VCID-z7fn-ubfx-g3em

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@0.3.1-6%252Bdeb6u1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-3508

reference_id

reference_type

scores

value	0.09998
scoring_system	epss
scoring_elements	0.93078
published_at	2026-04-24T12:55:00Z

value	0.09998
scoring_system	epss
scoring_elements	0.93024
published_at	2026-04-01T12:55:00Z

value	0.09998
scoring_system	epss
scoring_elements	0.93033
published_at	2026-04-02T12:55:00Z

value	0.09998
scoring_system	epss
scoring_elements	0.93036
published_at	2026-04-07T12:55:00Z

value	0.09998
scoring_system	epss
scoring_elements	0.93044
published_at	2026-04-08T12:55:00Z

value	0.09998
scoring_system	epss
scoring_elements	0.93048
published_at	2026-04-09T12:55:00Z

value	0.09998
scoring_system	epss
scoring_elements	0.93053
published_at	2026-04-11T12:55:00Z

value	0.09998
scoring_system	epss
scoring_elements	0.93051
published_at	2026-04-12T12:55:00Z

value	0.09998
scoring_system	epss
scoring_elements	0.93052
published_at	2026-04-13T12:55:00Z

value	0.09998
scoring_system	epss
scoring_elements	0.93063
published_at	2026-04-16T12:55:00Z

value	0.09998
scoring_system	epss
scoring_elements	0.93066
published_at	2026-04-18T12:55:00Z

value	0.09998
scoring_system	epss
scoring_elements	0.93072
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3508

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3508
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3508

reference_url	http://secunia.com/advisories/50279
reference_id
reference_type
scores
url	http://secunia.com/advisories/50279

reference_url	https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee
reference_id
reference_type
scores
url	https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee

reference_url	http://sourceforge.net/news/?group_id=139281&id=309011
reference_id
reference_type
scores
url	http://sourceforge.net/news/?group_id=139281&id=309011

reference_url	http://trac.roundcube.net/ticket/1488613
reference_id
reference_type
scores
url	http://trac.roundcube.net/ticket/1488613

reference_url	http://www.openwall.com/lists/oss-security/2012/08/20/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2012/08/20/2

reference_url	http://www.openwall.com/lists/oss-security/2012/08/20/9
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2012/08/20/9

reference_url	http://www.securelist.com/en/advisories/50279
reference_id
reference_type
scores
url	http://www.securelist.com/en/advisories/50279

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685475
reference_id	685475
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685475

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:0.8.0:::::::*
reference_id	cpe:2.3:a:roundcube:webmail:0.8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:0.8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3508

reference_id

CVE-2012-3508

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3508

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/20549.py
reference_id	CVE-2012-4668;CVE-2012-3508;OSVDB-85142;OSVDB-84741
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/20549.py

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Exploits

date_added	2012-08-16
description	Roundcube Webmail 0.8.0 - Persistent Cross-Site Scripting
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2012-08-16
exploit_type	webapps
platform	php
source_date_updated	2012-08-16
data_source	Exploit-DB
source_url

Severity_range_score 4.3 - 4.3

Exploitability 2.0

Weighted_severity 3.9

Risk_score 7.8

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qfyq-umv5-e7h1

Vulnerability Instance