id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
1488020	Security issue: An attacker could use text email messages to make Internet Explorer users run scripts in the context of the webmail system	enriquerando		"Under certain circunstances, RoundCube doesn’t html encode output when showing text files. If the user uses a browser that processes files based on its contents, it could be leveraged by the attacker to inject scripts.

Please see the attached file for some examples and explanations.

Don't hesitate to contact me for more info."	Bugs	closed	3	later	User Interface	0.5.3	major	duplicate