RSS   Vulnerabilities for 'Roundcube'   RSS

2022-01-06
 
CVE-2021-46144

CWE-79
 

 
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.

 
2021-06-24
 
CVE-2020-18670

CWE-79
 

 
Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.

 
 
CVE-2020-18671

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.

 
2021-02-09
 
CVE-2021-26925

CWE-79
 

 
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.

 
2020-12-28
 
CVE-2020-35730

CWE-79
 

 
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.

 

 >>> Vendor: Roundcube 3 Products
Roundcube webmail
Webmail
Roundcube


Copyright 2022, cxsecurity.com

 

Back to Top