Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).
{ "cpes": [ "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*" ], "severity": "Medium" }