CrowdStrike discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow an attacker to perform Cross-Side Scripting (XSS) attacks.
76f384d98ec58b42d0845da5a6f6ff864308dde40b2b6c466e6e929407bc0f85