Name of the Vulnerable Software and Affected Versions roundcubemail versions prior to 1.6.3

Description The issue is related to a cross-site scripting (XSS) vulnerability in the handling of linkrefs in plain text messages. This vulnerability can be exploited by an attacker to inject malicious code into the application.

Recommendations To resolve the issue, update roundcubemail to version 1.6.3 or later. As a temporary workaround, consider disabling the handling of linkrefs in plain text messages until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the linkrefs feature in plain text messages until the issue is resolved.