Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
imap vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-12626
An issue exists in Roundcube Webmail prior to 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.
Roundcube Webmail
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2019-19783
An issue exists in Cyrus IMAP prior to 2.5.15, 3.0.x prior to 3.0.13, and 3.1.x up to and including 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containin...
Cyrus Imap
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
6.5
CVSSv3
CVE-2017-12843
Cyrus IMAP prior to 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.
Cyrusimap Cyrus Imap
Fedoraproject Fedora 26
6.1
CVSSv3
CVE-2023-47272
Roundcube 1.5.x prior to 1.5.6 and 1.6.x prior to 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).
Roundcube Webmail
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
6.1
CVSSv3
CVE-2021-46144
Roundcube prior to 1.4.13 and 1.5.x prior to 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
Roundcube Roundcube
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.1
CVSSv3
CVE-2021-44025
Roundcube prior to 1.3.17 and 1.4.x prior to 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
Roundcube Webmail
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.1
CVSSv3
CVE-2020-35730
An XSS issue exists in Roundcube Webmail prior to 1.2.13, 1.3.x prior to 1.3.16, and 1.4.x prior to 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.
Roundcube Webmail
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
1 Github repository
2 Articles
6.1
CVSSv3
CVE-2020-16145
Roundcube Webmail prior to 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
Roundcube Webmail
Fedoraproject Fedora 31
Fedoraproject Fedora 32
6.1
CVSSv3
CVE-2020-15562
An issue exists in Roundcube Webmail prior to 1.2.11, 1.3.x prior to 1.3.14, and 1.4.x prior to 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.
Roundcube Webmail
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2020-13964
An issue exists in Roundcube Webmail prior to 1.3.12 and 1.4.x prior to 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.
Roundcube Webmail
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »