Roundcube · Roundcube Rcfilters Plugin · CVE-2018-16736
**Name of the Vulnerable Software and Affected Versions**
Roundcube rcfilters plugin version 2.1.6
**Description**
The issue exists in the Filters section of the settings, where XSS can be triggered via the `whatfilter` and `messages` parameters.
**Recommendations**
For Roundcube rcfilters plugin version 2.1.6, avoid using the `whatfilter` and `messages` parameters in the Filters section of the settings until the issue is resolved. As a temporary workaround, consider restricting access to the Filters section to minimize the risk of exploitation.