Filtered by vendor Roundcube
Subscriptions
Filtered by product Webmail
Subscriptions
Total
65 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-5619 | 1 Roundcube | 1 Webmail | 2024-11-21 | N/A |
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. | ||||
CVE-2007-6321 | 1 Roundcube | 1 Webmail | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands. | ||||
CVE-2005-4368 | 1 Roundcube | 1 Webmail | 2024-11-21 | N/A |
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message. | ||||
CVE-2024-42009 | 1 Roundcube | 1 Webmail | 2024-09-07 | 9.3 Critical |
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php. | ||||
CVE-2024-42008 | 1 Roundcube | 1 Webmail | 2024-09-07 | 9.3 Critical |
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header. |