Debian Linux Security Advisory 4674-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform either a Cross-Site Request Forgery (CSRF) forcing an authenticated user to be logged out, or a Cross-Side Scripting (XSS) leading to execution of arbitrary code.
1a0e4fd0c77e5eb1e095f0a4465f6f037d2438c0aa3169e10e182197a9f7487e