Resolved Bugs
1188203 – CVE-2015-1433 roundcubemail: crooss-site scripting in style attribute handling [epel-all]
1188202 – CVE-2015-1433 roundcubemail: crooss-site scripting in style attribute handling [fedora-all]<br
Cross-site scripting vulnerability has been fixed in Roundcube 1.0.5 version.
http://roundcube.net/news/2015/01/24/security-update-1.0.5/
http://trac.roundcube.net/wiki/Changelog#RELEASE1.0.5
http://trac.roundcube.net/ticket/1490227
CVE request: http://www.openwall.com/lists/oss-security/2015/01/31/3