Linuxsecurity
Critical XSS Vulnerability in Roundcube Webmail Discovered
A cross-site scripting (XSS) vulnerability has been identified in Roundcube Webmail. It allows an attacker to execute arbitrary scripts in the context of a user's session if that user visits a malicious website. The vulnerability is linked to the animate tag in SVG documents. It affects users of Roundcube Webmail, which is widely used for IMAP servers. The vulnerability has been assigned the identifier USN-8482-1. If exploited, it poses a significant risk, as it could lead to unauthorized actions under the user's account.

Users are advised to update their systems to the latest package versions to mitigate the risk. A standard system update is recommended to apply the necessary changes. Ubuntu Pro users are provided with ten-year security coverage for affected packages.
Key Points:
• Roundcube Webmail has a critical XSS vulnerability via SVG documents.
• Attackers can execute scripts in the context of affected users' sessions.
• Users should update to the latest package versions to mitigate risks.
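As a defence-in-depth illustration next to the package update, the following added example (not Roundcube's or Ubuntu's code) removes SVG animation elements from an SVG document before it is rendered and fails closed on input it cannot parse. The function name, the sample SVG, and the choice to also cover the sibling elements of animate (set, animateMotion, animateTransform) are assumptions of this example; the article names only the animate tag.

```python
import xml.etree.ElementTree as ET

# Keep the usual SVG namespace as the default one when re-serializing.
ET.register_namespace("", "http://www.w3.org/2000/svg")

# The article names <animate>; its SMIL siblings are included as a
# generalization made for this example (an assumption, not from the article).
ANIMATION_TAGS = {"animate", "set", "animateMotion", "animateTransform"}


def local_name(tag):
    """Drop a '{namespace}' prefix so prefixed and unprefixed tags match."""
    return tag.rsplit("}", 1)[-1] if isinstance(tag, str) else ""


def strip_svg_animation(svg_text):
    """Return (clean_svg, removed) where removed lists (tag, attributeName).

    Raises ValueError instead of passing through input that has a DOCTYPE
    or does not parse, so a sanitizer failure never means "render as-is".
    """
    if "<!doctype" in svg_text.lower():
        raise ValueError("DOCTYPE not allowed in untrusted SVG")
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        raise ValueError(f"unparseable SVG rejected: {exc}") from exc
    if local_name(root.tag) in ANIMATION_TAGS:
        raise ValueError("document root is an animation element")

    removed = []
    # ElementTree has no parent pointers: visit each element as a parent
    # and detach any animation children it holds.
    for parent in list(root.iter()):
        for child in list(parent):
            if local_name(child.tag) in ANIMATION_TAGS:
                removed.append((local_name(child.tag), child.get("attributeName")))
                parent.remove(child)
    return ET.tostring(root, encoding="unicode"), removed


# Constructed sample input (benign), used only to show the behaviour.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <rect id="r" width="10" height="10">
    <animate attributeName="opacity" from="0" to="1" dur="1s"/>
  </rect>
  <set attributeName="visibility" to="hidden"/>
</svg>"""

if __name__ == "__main__":
    clean, removed = strip_svg_animation(SAMPLE_SVG)
    print(removed)
    print(clean)
```

The removed list doubles as an audit trail: logging it shows which messages or attachments carried animation elements.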