Fahimeh Rezaei

**Name of the Vulnerable Software and Affected Versions** Roundcube rcfilters plugin version 2.1.6 **Description** The issue exists in the Filters section of the settings, where XSS can be triggered via the ` whatfilter` and ` messages` parameters. **Recommendations** For Roundcube rcfilters plugin version 2.1.6, avoid using the ` whatfilter` and ` messages` parameters in the Filters section of the settings until the issue is resolved. As a temporary workaround, consider restricting access to the Filters section to minimize the risk of exploitation.