Filtered by vendor Roundcube
Subscriptions
Total
70 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-43770 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-12-20 | 6.1 Medium |
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. | ||||
CVE-2024-37383 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-12-20 | 6.1 Medium |
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. | ||||
CVE-2024-37384 | 1 Roundcube | 1 Roundcube Webmail | 2024-11-21 | 6.1 Medium |
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences. | ||||
CVE-2023-5631 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2024-11-21 | 6.1 Medium |
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code. | ||||
CVE-2023-47272 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2024-11-21 | 6.1 Medium |
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). | ||||
CVE-2021-46144 | 2 Debian, Roundcube | 2 Debian Linux, Roundcube | 2024-11-21 | 6.1 Medium |
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. | ||||
CVE-2021-44026 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2024-11-21 | 9.8 Critical |
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. | ||||
CVE-2021-44025 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2024-11-21 | 6.1 Medium |
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. | ||||
CVE-2021-26925 | 2 Fedoraproject, Roundcube | 2 Fedora, Webmail | 2024-11-21 | 5.4 Medium |
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. | ||||
CVE-2020-35730 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2024-11-21 | 6.1 Medium |
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php. | ||||
CVE-2020-18671 | 1 Roundcube | 1 Webmail | 2024-11-21 | 5.4 Medium |
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. | ||||
CVE-2020-18670 | 1 Roundcube | 1 Webmail | 2024-11-21 | 5.4 Medium |
Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php. | ||||
CVE-2020-16145 | 2 Fedoraproject, Roundcube | 2 Fedora, Webmail | 2024-11-21 | 6.1 Medium |
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15. | ||||
CVE-2020-15562 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-11-21 | 6.1 Medium |
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists. | ||||
CVE-2020-13965 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2024-11-21 | 6.1 Medium |
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview. | ||||
CVE-2020-13964 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2024-11-21 | 6.1 Medium |
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object. | ||||
CVE-2020-12641 | 2 Opensuse, Roundcube | 3 Backports Sle, Leap, Webmail | 2024-11-21 | 9.8 Critical |
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. | ||||
CVE-2020-12640 | 2 Opensuse, Roundcube | 3 Backports Sle, Leap, Webmail | 2024-11-21 | 9.8 Critical |
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | ||||
CVE-2020-12626 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-11-21 | 6.5 Medium |
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered. | ||||
CVE-2020-12625 | 3 Debian, Opensuse, Roundcube | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 6.1 Medium |
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. |