RSS   Vulnerabilities for 'Webmail'   RSS

2021-11-19
 
CVE-2021-44025

CWE-79
 

 
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.

 
 
CVE-2021-44026

CWE-89
 

 
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.

 
2020-08-12
 
CVE-2020-16145

CWE-79
 

 
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.

 
2020-06-09
 
CVE-2020-13965

CWE-79
 

 
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.

 
 
CVE-2020-13964

CWE-79
 

 
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.

 
2020-05-04
 
CVE-2020-12641

CWE-88
 

 
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.

 
 
CVE-2020-12640

CWE-22
 

 
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.

 
 
CVE-2020-12626

CWE-352
 

 
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.

 
 
CVE-2020-12625

CWE-79
 

 
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.

 
2019-08-19
 
CVE-2019-15237

CWE-20
 

 
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.

 


Copyright 2021, cxsecurity.com

 

Back to Top