Debian Linux Security Advisory 4700-1 - Matei Badanoiu and LoRexxar@knownsec discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform a Cross-Side Scripting (XSS) attack leading to the execution of arbitrary code.
b99b9b11ff30b56084ed6513563f9c002ec060e4d60de71d6f65480ab9c34eba