Roundcube · Roundcube · CVE-2018-19206
**Name of the Vulnerable Software and Affected Versions**
Roundcube versions prior to 1.3.8
ALT Linux (affected versions not specified)
**Description**
The issue allows for XSS via crafted use of `<svg><style>`, as demonstrated by an `onload` attribute in a `BODY` element, within an HTML attachment. This can lead to potential exploitation.
**Recommendations**
For Roundcube versions prior to 1.3.8, update to version 1.3.8 or later to resolve the issue.
For ALT Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.