It was discovered that Roundcube Webmail was prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document. An attacker could use this issue to execute arbitrary web script in the context of an affected user's session.