Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
roundcube webmail 1.2.3 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-13964
An issue exists in Roundcube Webmail prior to 1.3.12 and 1.4.x prior to 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.
Roundcube Webmail
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2020-13965
An issue exists in Roundcube Webmail prior to 1.3.12 and 1.4.x prior to 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
Roundcube Webmail
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
1 Github repository
6.1
CVSSv3
CVE-2020-12625
An issue exists in Roundcube Webmail prior to 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
Roundcube Webmail
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
1 Github repository
6.5
CVSSv3
CVE-2020-12626
An issue exists in Roundcube Webmail prior to 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.
Roundcube Webmail
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2018-19206
steps/mail/func.inc in Roundcube prior to 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.
Roundcube Webmail
Debian Debian Linux 9.0
7.8
CVSSv3
CVE-2017-16651
Roundcube Webmail prior to 1.1.10, 1.2.x prior to 1.2.7, and 1.3.x prior to 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at th...
Roundcube Webmail 1.2.2
Roundcube Webmail 1.2.0
Roundcube Webmail 1.2.1
Roundcube Webmail
Roundcube Webmail 1.3.2
Roundcube Webmail 1.3.1
Roundcube Webmail 1.3.0
Roundcube Webmail 1.2.6
Roundcube Webmail 1.2.5
Roundcube Webmail 1.2.4
Roundcube Webmail 1.2.3
Debian Debian Linux 7.0
Debian Debian Linux 9.0
2 Github repositories
6.1
CVSSv3
CVE-2017-6820
rcube_utils.php in Roundcube prior to 1.1.8 and 1.2.x prior to 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
Roundcube Webmail 1.2.2
Roundcube Webmail 1.2.0
Roundcube Webmail 1.2.1
Roundcube Webmail 1.2.3
Roundcube Webmail
7.5
CVSSv3
CVE-2016-9920
steps/mail/sendmail.inc in Roundcube prior to 1.1.7 and 1.2.x prior to 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticate...
Roundcube Webmail
Roundcube Webmail 1.2.2
Roundcube Webmail 1.2.0
Roundcube Webmail 1.2.1
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started