CVE-2019-13389

Name of the Vulnerable Software and Affected Versions: RainLoop Webmail versions prior to 1.13.0

Description: The issue lacks XSS protection mechanisms, including xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header.

Recommendations: For versions prior to 1.13.0, update to version 1.13.0 or later to resolve the issue. As a temporary workaround, consider implementing additional XSS protection mechanisms, such as validating user input and setting appropriate HTTP headers, until a patch is available.