Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*" ] }